Skills
skills/majiayu000/claude-skill-registry/adb-karrot/Gen Agent Trust Hub

adb-karrot

Fail

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: HIGHCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs high-privilege operations using adb shell through several scripts, including system-level app management (pm clear, am force-stop) and root-level interactions with the device environment.
  • [CREDENTIALS_UNSAFE]: The adb-karrot-test-login.py script accepts email and password as plaintext command-line parameters. This exposes sensitive user credentials in system process lists, shell history, and logs.
  • [DATA_EXFILTRATION]: The skill monitors system logs (logcat) via adb-karrot-liapp-monitor.py for specific security keywords and captures screenshots for AI analysis. These capabilities provide a surface for harvesting sensitive system and application data beyond the intended automation scope.
  • [EXTERNAL_DOWNLOADS]: The karrot-bypass-playintegrity.toon workflow automates the installation of external binary Magisk modules (e.g., PlayIntegrityFork.zip). These modules modify core system behavior to bypass security SDKs and represent unverifiable third-party code with system-level permissions.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted screen data and system logs. Ingestion points: karrot_ai_vision.py and adb-karrot-liapp-monitor.py. Boundary markers: Absent. Capability inventory: High-privilege adb shell execution and file writes. Sanitization: Absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 17, 2026, 08:32 AM