v1.0.0

Yyds.Auto

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:20 AM.

Analysis

Yyds.Auto is openly an Android automation skill, but it gives an agent broad control over a phone, including elevated shell commands, app/file changes, Python execution, and remote device control.

GuidanceInstall this only if you intentionally want an AI agent to control an Android device. Prefer a dedicated test device, keep the engine on USB/localhost or a trusted LAN, verify the npm package source, avoid opening sensitive apps during automation, and require manual approval for shell, file deletion, APK install/uninstall, Python execution, and package-management actions.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

SKILL.md

Shell | 1 | Execute shell commands with ROOT/SHELL privileges ... File Operations | 7 | List, read, write, delete, rename files and directories on device ... App Management | 8 | ... install/uninstall APK

The skill exposes broad, high-impact device mutation tools, including privileged shell, file deletion/writes, and APK installation/removal, with no visible confirmation or containment model.

User impactA mistaken or hijacked agent action could alter apps, delete or change files, or run powerful device commands.

RecommendationUse only with a trusted or test Android device, require explicit user approval for shell, file, APK, and destructive operations, and disconnect or stop the engine when not actively needed.

Unexpected Code Execution

SeverityHighConfidenceHighStatusConcern

SKILL.md

Script Projects | 5 | List/start/stop Python projects, execute Python code snippets ... Pip Management | 4 | List, install, uninstall, inspect Python packages

The documented tools allow executing Python snippets and changing installed Python packages on the Android-side environment.

User impactThe agent could run arbitrary code or install packages on the device-side automation environment, increasing the impact of bad instructions or compromised prompts.

RecommendationTreat Python execution and package-management tools as privileged actions; allow them only for reviewed code and block or manually approve them during normal device automation.

Rogue Agents

SeverityMediumConfidenceHighStatusConcern

SKILL.md

AI Agent | 8 | Configure and run an on-device AI agent with natural language instructions ... Script Projects | 5 | List/start/stop Python projects

The skill can start on-device agents and Python projects, but the visible artifacts do not define stop conditions, runtime limits, or containment for those autonomous activities.

User impactAutomation may continue on the device beyond a single tap or screenshot task if an on-device agent or project is left running.

RecommendationUse explicit task boundaries and stop commands, monitor running projects or agents, and shut down the Android engine when automation is complete.

Agentic Supply Chain Vulnerabilities

SeverityMediumConfidenceHighStatusNote

metadata

Source: unknown ... Install specifications: node | package: yyds-auto-mcp | creates binaries: yyds-auto-mcp

The reviewed artifacts do not include the npm package implementation, so the executable code that performs device control is outside the provided artifact set.

User impactYou are trusting an external npm package to perform privileged Android automation.

RecommendationVerify the npm package publisher and source, pin a known-good version, and inspect the package before installing it on a system connected to important devices.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

SKILL.md

Device Info | 4 | Device model, screen size, IMEI, foreground app, network status ... Execute shell commands with ROOT/SHELL privileges

The skill can access device identity/app-state information and operate with shell or root-level authority, which is a significant permission boundary for an Android device.

User impactThe agent may see sensitive device identifiers and current app activity and may act with elevated privileges on the device.

RecommendationAvoid using this on a personal phone with sensitive accounts unless you fully trust the tool and the connected agent; prefer a dedicated automation device with minimal personal data.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityMediumConfidenceMediumStatusConcern

SKILL.md

yyds-auto-mcp (Node.js, this skill) ↓ HTTP REST (JSON, port 61140) ... Remote devices over WiFi/LAN are also supported.

The artifacts describe a high-impact MCP-to-device bridge over an HTTP REST host/port and LAN support, but do not document authentication, authorization, or network-boundary protections.

User impactIf the device engine or configured port is exposed beyond a trusted connection, device screenshots, UI state, files, or control actions could cross an unsafe boundary.

RecommendationPrefer USB or localhost forwarding, keep the port firewalled, do not expose the engine to untrusted networks, and verify the engine’s authentication and access-control behavior before use.