Is android-adb safe?

https://clawhub.ai/StaticAI/android-adb

Overall: 82 · SAFE

The android-adb skill is a documentation-only reference for Android ADB automation. It contains no executable code, no prompt injection attempts, no exfiltration logic, and no malicious content. The primary risk is inherent to ADB itself — the skill guides an agent to execute shell commands on connected Android devices, which is a powerful but legitimate capability. Installation monitoring was clean with no network activity or canary file tampering.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 70/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 60/100 · 5%

Findings (5)

LOW Skill instructs agent to execute shell commands -10

The skill's documented workflows involve running 'adb shell' commands via the agent's bash/shell tool. While this is the stated purpose and not an injection, it does guide the agent toward command execution as a normal behavior pattern.

LOW ADB pull can retrieve device files to host -15

The skill documents 'adb pull' commands that copy files from a connected Android device to the host filesystem. While intended for UI XML dumps and screenshots, this mechanism could pull arbitrary device files if the agent is instructed to do so.

MEDIUM ADB provides remote command execution surface on connected devices -30

The skill's core purpose is guiding an agent to execute arbitrary commands on a connected Android device via 'adb shell'. This is a legitimate use case but represents a significant command execution surface. An agent following these patterns could install malware, access private data, or manipulate the device beyond the user's intent.

LOW Combination risk with data exfiltration skills -40

While this skill is benign in isolation, its 'adb pull' and screenshot capabilities could be chained with a networking or upload skill to exfiltrate device data. The skill itself contains no exfiltration logic, but it provides half of a surveillance pipeline.

INFO Runtime reads .env and .aws/credentials during initialization -5

The openclaw runtime (not the skill) read .env and .aws/credentials during the installation process. These are standard runtime initialization reads and not attributable to the skill under test.