ClawPhone Phone Control
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a transparent phone-control skill, but it gives an agent broad ability to read your phone screen and operate logged-in apps, including sending messages, without explicit approval boundaries in the skill text.
Install only if you intentionally want an agent to control your phone. Before use, set clear rules that it must ask before sending messages, making purchases, deleting data, changing settings, or acting in logged-in apps. Keep sensitive screens and notifications hidden when possible, and review the external MCP phone controller because this package itself contains only instructions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked too broadly, the agent could tap through apps, type text, or send messages from the phone before the user intended it.
The skill documents broad phone UI operation and message sending. This is aligned with phone control, but the artifacts do not require explicit user confirmation or app/action scoping before irreversible or account-mutating actions.
`tap` | x,y ... `type_text` | text ... `press_enter` ... `发送消息 | 优先点当前可见的绿色`发送`按钮 ... 发送后必须截图确认新气泡出现`
Require explicit user approval for sends, purchases, deletions, settings changes, or other irreversible actions, and limit use to named apps, recipients, and tasks.
Messages or other app actions may appear to come directly from the user's account.
The automation acts inside logged-in mobile apps such as WeChat, so actions can be performed using the user's existing account session.
启动微信 ... `launch_app("com.tencent.mm")` ... `发送消息 | 优先点当前可见的绿色`发送`按钮`Use this only on trusted devices and require confirmation of the app, recipient, content, and final action before sending or changing anything.
The agent may see sensitive information displayed on the phone or present in phone event queues.
The MCP phone tools can pass visible screen text, screenshots, and phone events to the agent, which may include private messages, notifications, or personal app content.
`get_screen_info` ... `包名+可见文字+分辨率`; `capture_screen` ... `JPEG 图`; `get_phone_events` ... `取出并清空事件队列`
Avoid using the skill while sensitive apps or notifications are visible, and only connect it to a trusted MCP phone controller.