图图智控(TUTU Smart Control)

Security checks across malware telemetry and agentic risk

Overview

This skill is a real Android remote-control integration, but it exposes broad phone control and sensitive data access with inconsistent safety documentation and overly broad activation triggers.

Install only if you fully trust the publisher, the TUTU cloud service, and the agent operating the phone. Use a non-primary or closely monitored device where possible, keep TUTU_API_TOKEN only in the platform secret store, revoke it if exposed, and require explicit user intent before any messaging, calling, notification reading, file access, app changes, settings changes, downloads, mock location, or GUI automation inside sensitive apps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Intent-Code Divergence

Medium (97% confidence)
Finding:
The skill’s connection flow instructs the agent to ask the user for a Token and SN, but earlier sections explicitly state the token is environment-injected and SN is unnecessary. This inconsistency can cause the agent to solicit secrets unnecessarily, increasing credential exposure risk and confusing operators about the true trust model.

Intent-Code Divergence

High (99% confidence)
Finding:
The security section claims there is no system-settings write capability, but the documented API includes `set_brightness`, `set_volume`, `set_rotation`, `set_wifi`, `set_bluetooth`, `set_airplane_mode`, and `set_screen_timeout`. These contradictions can mislead reviewers and users about the real authority of the skill, causing unsafe deployment and underestimation of disruptive device-control actions.

Intent-Code Divergence

High (99% confidence)
Finding:
The document says only lock-state query is supported and implies no meaningful system modification, yet it exposes `set_location_mock` to spoof GPS. GPS spoofing can be abused for fraud, policy evasion, falsified check-ins, or misleading location-dependent apps, so describing the skill as non-modifying is materially inaccurate.

Vague Triggers

High (96% confidence)
Finding:
The trigger list contains many generic terms such as 手机, 微信, 短信, 定位, 截图, 下载, and 日志 that can appear in ordinary conversation unrelated to remote device control. Because this skill can read private data and perform impactful actions, accidental invocation materially raises the risk of unintended surveillance or control attempts.

Vague Triggers

High (95% confidence)
Finding:
The activation rule 'use this skill when the user mentions any of the following' is overly broad and poorly bounded for a high-privilege remote-control skill. This makes it easier for the skill to activate in benign contexts where the user is only discussing phones, apps, notifications, or location rather than requesting direct device operations.

Missing User Warnings

High (91% confidence)
Finding:
The skill documents access to SMS, notifications, contacts, call logs, and GPS location without prominent up-front warnings in the operational sections. For a remote-control skill handling highly sensitive personal data, insufficient notice increases the chance of covert or surprising data access even if some later section mentions confirmation behavior.

Missing User Warnings

Medium (89% confidence)
Finding:
Several disruptive operations such as uninstalling apps, clearing app data, changing connectivity, and altering device settings are documented without strong inline risk warnings where the actions are introduced. This can normalize destructive behavior and make misuse more likely, especially in an automated agent context.

VirusTotal

64/64 vendors flagged this skill as clean.
