Claw Use Android — Phone Control for AI Agents
Control and interact with real Android phones via HTTP and CLI without ADB or root, supporting screen reading, taps, typing, apps, calls, and voice.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 22 · 0 current installs · 0 all-time installs
by傅洋@4ier
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (remote Android control) align with the SKILL.md commands (cua CLI, screen/tap/type/tts/etc.). Requiring an APK + a device token is consistent with the stated capability.
Instruction Scope
Instructions direct the user/agent to install an APK (no source or verification provided), register devices with tokens, and configure an auto-unlock PIN. They also advise adding Tailscale for remote access. Those steps expand the threat surface (unsigned APK, plaintext PIN/config, network exposure). The SKILL.md does not provide secure handling guidance or limits on where tokens/PINs are stored.
Install Mechanism
There is no install spec and no known source or signature for the APK the document requires you to install. Telling users to install an unspecified APK is high risk because arbitrary code will run on the phone and the skill provides no provenance or verification instructions.
Credentials
The registry metadata declares no required env vars, which is consistent, but the SKILL.md expects device tokens and a PIN to be supplied/configured. Sensitive secrets (tokens, PIN) are necessary for the functionality but the skill gives no guidance on secure storage or minimal privilege. That omission is important but not necessarily incoherent.
Persistence & Privilege
The skill is not always-enabled and is user-invocable only. It does not request modifying agent/system config or persistent platform privileges in the metadata. Autonomous invocation is allowed (platform default) but not combined with other elevated flags.
What to consider before installing
This skill appears to do what it claims, but it asks you to install and run an APK of unknown provenance and to configure tokens and an auto-unlock PIN — both create substantial risk to your device and data. Before installing or using it: (1) demand the APK source, signed release, and project homepage or source code; (2) verify the APK (signature, checksum, VirusTotal) and review its permissions; (3) avoid storing PINs or tokens in plaintext on devices or machines — use secure secrets storage if possible; (4) prefer LAN-only connections and avoid exposing your phone via Tailscale or the public Internet unless you fully trust and audit the app; (5) test on an unprivileged/secondary device rather than your primary phone; (6) request the publisher provide install provenance and security guidance — lack of that information would be a strong reason not to proceed.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Claw Use Android — Phone Control for AI Agents
Give your AI agent eyes, hands, and a voice on a real Android phone.
claw-use-android is an Android app + CLI (cua) that exposes 25 HTTP endpoints for full phone control. No ADB, no root, no PC.
Setup
# Install the APK on your Android phone, enable Accessibility Service
# Then register the device:
cua add redmi 192.168.0.105 <token>
cua ping
CLI Reference (cua)
Device Management
cua add <name> <ip> <token> # register device with alias
cua devices # list all (with live status)
cua use <name> # switch default device
cua -d <name> <command> # target specific device
Perception — read the phone
cua screen # full UI tree (JSON)
cua screen -c # compact: only interactive/text elements
cua screenshot # save screenshot, print path
cua screenshot 50 720 out.jpg # quality, maxWidth, output
cua notifications # list all notifications
cua status # health dashboard
cua info # device model, screen size, permissions
Action — control the phone
cua tap <x> <y> # tap coordinates
cua click <text> # tap element by visible text
cua longpress <x> <y> # long press
cua swipe up|down|left|right
cua scroll up|down|left|right
cua type "text" # type text (CJK supported)
cua back # system back
cua home # go home
cua launch <package> # launch app
cua launch # list all apps
cua open <url> # open URL
cua call <number> # phone call
cua intent '<json>' # fire Android Intent
Audio
cua tts "hello" # speak through phone speaker
cua say "你好" # alias
Device State
cua wake # wake screen
cua lock / cua unlock # lock/unlock (PIN required)
cua config pin 123456 # set PIN for remote unlock
Workflow Patterns
Navigate and interact
cua launch org.telegram.messenger
cua screen -c
cua click "Search Chats"
cua type "John"
cua click "John"
Visual + semantic perception
cua screen -c # what elements exist
cua screenshot 50 720 /tmp/look.jpg # what it looks like
Handle locked device
Automatic — any command auto-unlocks if PIN is configured.
Multi-device
cua add phone1 192.168.0.101 <token>
cua add phone2 192.168.0.102 <token>
cua -d phone1 say "hello from phone 1"
cua -d phone2 screenshot
Tips
cua screen -cis the primary perception tool — compact filters noisecua clickby text is more reliable thancua tapwhen text is visiblecua screenshotfor visual context (layout, colors, images)- Auto-unlock is transparent: locked phone auto-unlocks before any command
- Add Tailscale for remote access from anywhere
Family
| Platform | Package | CLI | Status |
|---|---|---|---|
| Android | claw-use-android | cua | ✅ Available |
| iOS | claw-use-ios | cui | 🔮 Planned |
| Windows | claw-use-windows | cuw | 🔮 Planned |
| Linux | claw-use-linux | cul | 🔮 Planned |
| macOS | claw-use-mac | cum | 🔮 Planned |
Files
1 totalSelect a file
Select a file to preview.
Comments
Loading comments…