open-autoglm-phone-agent
open-autoglm-phone-agent · v · by
Trust Score: 67.5
Trust Tier: 0
Badge: danger
Score Breakdown
| Factor | Score | Weight |
|---|---|---|
| Static | 0.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 20.0 | 15% |
| Clickfix | 100.0 | 15% |
| Credential | 100.0 | 15% |
| Twostage | 100.0 | 10% |
| Infrastructure | 100.0 | 5% |
| Typosquat | 100.0 | 5% |
| Age | 10.0 | 3% |
| Popularity | 0.0 | 2% |
Scan Results
STATIC — Score: 0
[CRITICAL] Environment variable exfiltration to remote server
(line 197)
apikey=os.environ.get("MODEL_API_KEY"),
[CRITICAL] Environment variable exfiltration to remote server
(line 221)
api_key=os.environ.get("MODEL_API_KEY", "dummy"),
[HIGH] Shell command execution
(line 301)
result = subprocess.run(cmd, capture_output=True)
[HIGH] Shell command execution
(line 310)
subprocess.run(cmd)
[HIGH] Shell command execution
(line 319)
subprocess.run(cmd_enable)
[HIGH] Shell command execution
(line 323)
subprocess.run(cmd_text)
[HIGH] Shell command execution
(line 332)
subprocess.run(cmd)
[HIGH] Shell command execution
(line 340)
subprocess.run(cmd)
[HIGH] Shell command execution
(line 349)
subprocess.run(cmd)
PERMISSION — Score: 95
[LOW] Skill appears to use network but declares no permissions
POISON — Score: 20
[HIGH] Fake developer/admin mode activation
(line 38)
- Android device with Developer Mode + USB Debugging enabled
[HIGH] Fake developer/admin mode activation
(line 474)
**Fix**: HarmonyOS NEXT (not earlier versions) is required. Enable developer mode in Settings → About → Version Number (
CLICKFIX — Score: 100
No findings.
INFRASTRUCTURE — Score: 100
No findings.
TWOSTAGE — Score: 100
No findings.
CREDENTIAL — Score: 100
No findings.
TYPOSQUAT — Score: 100
No findings.