adb-karrot

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes plaintext passwords (e.g., --password testpass123 and workflow parameters like test_password: "bypasstest123") and shows passing them directly on the command line and in workflows, which requires the agent to emit secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content explicitly documents and automates deliberate security-evasion: installing Magisk/Zygisk hooks, PlayIntegrityFork, Shamiko and HideMyApplist to hide root and spoof attestation for the com.towneers.www app (LIAPP/Play Integrity bypass), enabling unauthorized use, spoofing, and potential account/device compromise; while it does not show direct exfiltration or a remote backdoor, the workflows and module installs are intentionally designed to defeat device/app security and therefore constitute high-risk malicious behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs installing Magisk modules, using adb shell commands, and implementing Play Integrity / LIAPP bypasses (Shamiko, PlayIntegrityFork, HideMyApplist) — i.e. it directs the agent to evade security mechanisms and modify system-level components on the target device.