Security audit

adb-phone-control

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Android ADB control helper, with real privacy and device-action risks that fit its stated purpose.

Install only if you are comfortable letting an agent control a connected Android device through ADB. Use a private ADB_OUTPUT_DIR, delete screenshots/UI dumps when done, avoid sensitive screens, and do not run recursive exploration on apps where automated taps could cause account, financial, messaging, or data-changing side effects.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 96% confidence
Finding: The skill clearly invokes shell-based device control and writes screenshots/UI dumps to local storage, but it does not declare equivalent permissions or explicitly scope those capabilities. That mismatch weakens security review and user consent, because a consumer may not realize the skill can execute arbitrary ADB shell actions and persist potentially sensitive device data.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill captures screenshots, UI hierarchies, and may use clipboard-based text injection, all of which can expose sensitive on-device information such as messages, tokens, contact data, or copied secrets. Because the documentation lacks an explicit privacy warning, minimization guidance, or artifact handling policy, operators may collect or store sensitive data unintentionally.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The helper automatically captures full UI hierarchy dumps and screenshots to local files under /tmp or a caller-controlled output directory, which can contain highly sensitive on-device information such as messages, notifications, account details, OTPs, and personal data. In the context of an ADB phone control skill, this behavior is functional, but the lack of explicit consent prompts, sensitivity warnings, retention controls, or restrictive file permissions increases the risk of accidental collection, persistence, and exposure of private data.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The script captures full-device screenshots and UI hierarchy dumps, then writes them to disk automatically. These artifacts can contain sensitive on-screen content, account details, notifications, messages, or app-specific personal data, and the skill context makes this especially relevant because it is designed to inspect arbitrary Android app UIs.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The code programmatically taps UI elements, sends back events, and relaunches the app during exploration, which can trigger unintended actions such as opening external links, dismissing prompts, submitting forms, or changing app state. In an ADB phone-control skill, this is more dangerous than in a passive inspection tool because autonomous UI driving can directly affect the connected device and user data.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal