Is johnmalek312/mobilerun safe?

https://github.com/openclaw/skills/tree/main/skills/johnmalek312/mobilerun

98
SAFE

This skill provides legitimate Android device control functionality through the Mobilerun API, consisting entirely of documentation with no executable code. All monitoring indicators are clean with no evidence of malicious behavior, data exfiltration, or security violations.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

INFO Detailed Workflow Instructions -5

The skill contains extensive instructions directing agent behavior for API workflows, including specific guidance on when to probe devices versus set them up and what information to surface to users. While these appear legitimate for managing complex API interactions, they represent detailed behavioral control.

INFO Device Control Privacy Risks -10

The skill provides powerful device control capabilities including screenshots and UI interaction, which inherently involve handling potentially sensitive user data. However, appropriate privacy protections are explicitly included in the documentation.