Android Node
Warn
Audited by ClawScan on May 14, 2026.
Overview
The skill mostly matches its local Android/Ollama node purpose, but its setup asks users to run an unreviewed remote shell script and exposes an unauthenticated Ollama API on the local network.
Review the setup script before running it, avoid the curl-to-bash install path unless you trust the publisher and domain, and only expose the Ollama phone node on a trusted local network.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A changed or compromised remote setup script could run arbitrary Termux commands on the phone during installation.
The documented setup pipes a remote script, which is not part of the reviewed file contents, directly into a shell, so the installed behavior can change independently of this package.
curl -s https://albionwakes.com/phone_setup.sh | bash
Avoid piping remote scripts directly to bash. Download and inspect the script first, prefer the bundled setup.sh when possible, and require pinned versions or checksums.
The phone depends on whatever binary is served as the latest release at install time.
Installing Ollama is purpose-aligned, but the script downloads the latest executable without pinning a version or verifying a checksum.
OLLAMA_URL="https://github.com/ollama/ollama/releases/latest/download/ollama-linux-arm64" ... wget -q -O $HOME/bin/ollama "$OLLAMA_URL" ... chmod +x $HOME/bin/ollama
Use a specific Ollama release and verify its checksum or signature before making it executable.
Other devices on an untrusted WiFi network may be able to access the phone's Ollama endpoint or interact with inference traffic.
Binding Ollama to all interfaces is how the server can reach the phone, but it also makes the API reachable to other devices on the same network unless separately restricted.
export OLLAMA_HOST=0.0.0.0:11434
Run only on trusted networks, restrict access with firewall/VPN controls where possible, and avoid sending sensitive prompts over unsecured local networks.
The Termux shell environment is changed, and the Ollama service can keep running after the user manually starts it.
The setup creates persistent user-level configuration and a reusable start script, though it does not show hidden autostart or privilege escalation.
grep -q '$HOME/bin' $HOME/.bashrc 2>/dev/null || echo 'export PATH="$HOME/bin:$PATH"' >> $HOME/.bashrc ... cat > $HOME/start_node.sh
Stop the node when not in use and remove the .bashrc entry or ~/start_node.sh if uninstalling.
