ClawHub

Oskill Proxy

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Android control proxy, but it exposes broad device/app actions and ships a concrete-looking token without enough guardrails.

Install only if you trust the separate OSkillProxy Android app and need Android component-level automation. Replace and rotate the embedded token before use, keep the service bound to localhost, and require explicit approval before invoking unknown components, querying sensitive providers, or modifying/deleting ContentProvider data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The skill manifest embeds a concrete bearer token directly in the distributed documentation/config, which exposes a live authentication secret to anyone who can read the skill file. Because this token authorizes a local component-proxy capable of launching Activities/Services, sending Broadcasts, and modifying ContentProviders, disclosure can enable unauthorized control of device/app state and access to sensitive app interfaces.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill explicitly exposes insert, update, and delete operations against arbitrary ContentProviders but does not warn that these actions may irreversibly modify or delete device or app data. In this context, the proxy is designed to operate with the app's identity, so silent destructive capabilities are more dangerous because users or downstream agents may treat the skill as routine plumbing rather than a state-changing interface.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The skill documents starting Activities, Services, and sending Broadcasts without disclosing that these operations can trigger side effects such as app state changes, privileged workflows, background execution, or user-visible actions. Given that the proxy is specifically intended to invoke Android components on behalf of an app identity, omission of these warnings increases the risk of unsafe automation and abuse of exported components.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal