Back to skill

Security audit

Another

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is coherent for Android automation, but it grants an agent broad device control, screenshots, arbitrary ADB shell commands, and WiFi debugging without enough safety boundaries.

Install only if you trust the separate Another desktop app and intend to let an agent control an authorized Android device. Prefer a test device or test profile, keep banking, messaging, account, and enterprise apps out of scope, require explicit confirmation before shell commands or WiFi debugging, and disconnect or disable debugging when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly exposes an arbitrary `adb shell` capability but provides no safety guidance, allowlist, or warning that commands can modify device state, access sensitive data, or damage a connected device. In an agent setting, this materially increases the chance of unsafe command execution because the model may treat shell access as a routine tool rather than a high-risk operation.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill is designed to capture screenshots and remotely control an Android device, yet it does not warn that screenshots and UI interaction may expose passwords, messages, personal media, tokens, or other sensitive on-screen data. Because the workflow encourages repeated screenshots before and after actions, it increases the likelihood of collecting and processing private user content without clear consent or handling guidance.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.