Adb Claw

Security checks across static analysis, malware telemetry, and agentic risk

Overview

ADB Claw is a powerful Android automation skill that openly provides broad device control, but its scope is high-impact and the artifacts do not show clear safeguards around destructive actions or the downloaded executable.

Install only if you intentionally want an agent to control a connected Android device. Review and trust the upstream adb-claw binary, keep USB debugging limited to trusted hosts, and require explicit confirmation for shell commands, file transfers, app uninstall/clear-data, unlock actions, live UI monitoring, and audio capture.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill could change apps, delete app data, transfer files, or run commands on a connected Android device if instructed or if it interprets a request broadly.

Why it was flagged

These are broad, high-impact device-control and mutation capabilities. They fit the Android automation purpose, but the provided artifacts do not show clear approval, rollback, or containment requirements for destructive operations.

Skill content

manage full app lifecycle (install/uninstall/clear), control screen (on/off/unlock/rotation), run shell commands, and transfer files

Recommendation

Use only with devices you are comfortable letting the agent control, and require explicit confirmation before shell commands, app uninstall/clear-data, file transfer, or unlock-related actions.

What this means

The skill may be invoked during ordinary natural-language Android tasks, increasing the chance that an agent performs a powerful action without the user explicitly selecting the skill.

Why it was flagged

Automatic activation is convenient, but paired with broad device-control commands it creates ambiguity about when sensitive actions may be invoked unless the agent or user enforces confirmations.

Skill content

Claude reads the Triggers list below and automatically activates this skill when your message matches — no explicit invocation required.

Recommendation

Configure the agent to ask before using this skill for destructive or privacy-sensitive actions, even if the skill is triggered automatically.

What this means

Users must trust the external release binary and the release channel; a compromised or changed release could run with the same broad Android-control authority.

Why it was flagged

The skill installs platform-specific executable binaries from mutable 'latest' release URLs, and the supplied artifact set includes no source code, checksum, or signature for the adb-claw binary.

Skill content

"url": "https://github.com/llm-net/adb-claw/releases/latest/download/adb-claw-linux-amd64"

Recommendation

Prefer pinned release versions with published checksums or signatures, and review the upstream project before installing.

What this means

A connected device with debugging enabled can be observed and controlled much more deeply than a normal app interaction.

Why it was flagged

USB debugging/ADB grants powerful access to a connected Android device. This is expected for an Android-control skill, but it is still a significant permission boundary.

Skill content

Make sure `adb` is installed and a device is connected via USB with debugging enabled.

Recommendation

Enable USB debugging only for trusted devices and hosts, disconnect when finished, and revoke debugging authorization if you no longer need it.

What this means

Private on-screen text or audio from the device may become part of the agent's working context while the command runs.

Why it was flagged

The skill can feed live UI text and device audio into the agent workflow. This is purpose-aligned sensory access, but it may expose private messages, captions, account screens, or other sensitive content.

Skill content

`monitor` connects to Android's accessibility framework, reading all UI text in real-time ... System audio capture ... streams WAV to stdout for piping to ASR tools.

Recommendation

Avoid running monitor or audio capture while sensitive apps, notifications, conversations, or account screens are visible or audible.

What this means

Temporary helper code may run on the Android device during live monitoring or audio capture.

Why it was flagged

The skill discloses temporary helper components on the device. The artifacts say they auto-exit, so this is not evidence of hidden persistence, but users should know helpers may be pushed during monitoring/capture.

Skill content

only `monitor` and `audio capture` push temporary ~7KB helpers that auto-exit

Recommendation

Use those modes only when needed and verify they stop after the task completes.