burner-phone

Fail

Audited by Snyk on Mar 27, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt includes plaintext secrets (e.g., screen_pin values, unlock PIN in examples) and shows patterns that embed those secrets directly into commands or function calls (e.g., agent.unlock_screen(pin="4658") / adb shell input text '4658'), which requires the LLM to handle/output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The repository contains multiple deliberate backdoor and surveillance patterns: always-on camera/microphone streaming and “auto-journal” (silent conversation capture) that are sent to a remote model/server, persistent remote SSH access and auto-recovery (auto-starting Termux sshd via ADB), tooling to push/pull files and run arbitrary shell commands on devices (scp/ssh/adb), and plans to replace the Android assistant / use accessibility services — together these enable continuous covert data collection and remote control/exfiltration of device data.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly describes web-search and web-browsing functionality (ARCHITECTURE.md: "Web searches via MCP tools", README/ARCHITECTURE examples including "Option B: Fetch web weather and speak response") and provides commands to open arbitrary URLs (SKILL.md "Open URL" via adb am start), meaning the agent will fetch/ingest untrusted public web content and act on it as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill calls a vision/LLM API at runtime (examples: http://localhost:8081/v1/chat/completions and the Senter server http://100.84.195.22:8081) and parses the model's responses (e.g., coordinates/instructions) to drive device actions, so remote content from that URL directly controls agent instructions and is a required dependency.

Issues (4)

HIGH W007: Insecure credential handling detected in skill instructions.

CRITICAL E006: Malicious code pattern detected in skill scripts.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 27, 2026, 02:51 PM
Issues: 4