Skill v1.0.0

ClawScan security

Awesome GeeLark Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 7:39 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill generally matches its stated purpose (GeeLark cloud-phone + RPA automation), but several inconsistencies and operational instructions raise the risk: the registry declares no required credentials or binaries although the code needs both, the skill runs local ADB subprocesses, and it asks the operator to store API tokens on disk.
Guidance
What to consider before installing:
- Functionality: The code and docs match the description. This is a GeeLark cloud-phone manager that can boot devices, enable ADB, run uiautomator2 automation, and submit RPA tasks that may include social-account credentials. That behavior is consistent with the stated purpose.
- Inconsistencies to fix/verify: The registry metadata declares no required environment variables or required binaries, but the skill expects an API token/appId/apiKey stored in assets/config.json and uses the adb binary and uiautomator2. Confirm that you will provide and protect those credentials, and that adb is expected and available on the host.
- Sensitive data: init_config.py creates assets/config.json containing API keys/tokens. Review init_config.py to confirm where and how credentials are stored and that file permissions and ignore rules are acceptable. RPA tasks may require social-platform usernames/passwords; avoid feeding long-lived account credentials to any agent unless you fully trust the code and the runtime environment.
- Local command execution: The skill runs adb via subprocess (including a required 'glogin' step) and instructs the operator to pip-install uiautomator2 with --break-system-packages. Run it first in an isolated sandbox (VM/container) and verify its behavior; do not run it on sensitive hosts.
- Trust and provenance: Source/homepage is unknown in the registry entry. Although the docs reference openapi.geelark.com and a GitHub URL, verify the repository and its authorship before use (confirm that the repository matches the package files and the API base URL). If you cannot verify the origin, be cautious.
- Recommended actions before use: (1) Inspect scripts/init_config.py, geelark_client.py, and any logging code to see exactly what data is stored and transmitted; (2) run the skill in a sandboxed VM; (3) do not grant the agent unattended autonomous invocation until you have confirmed safe behavior; (4) provide only short-lived API keys or limited-scope credentials where possible; (5) ensure logs do not leak full secrets and review the log-masking behavior. If you want, I can: point out where credentials are loaded in the code, summarize the exact subprocess calls that run adb/glogin, or suggest concrete sandboxing steps to test safely.
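The "inconsistencies to verify" point above (code that needs adb, pip and a credential file while the registry declares nothing) can be checked mechanically before installing. The script below is an added example written for this review, not part of the skill or of ClawHub: it parses a package's Python sources with the standard `ast` module, collects the binaries passed to `subprocess`, the environment variables read, and any credential-looking file paths, and diffs them against the declared metadata. The sample sources and the `declared` dict shape are constructed stand-ins for the behavior the review describes.

```python
"""Pre-install audit of a skill package: compare what the code actually invokes
(subprocess binaries, environment variables, credential files) with what the
registry metadata declares. Added example for this review; it is not part of the
skill or of ClawHub, and the sample sources below are constructed."""
import ast
import re
from dataclasses import dataclass, field

# Constructed stand-in for the behaviour the review describes (not the skill's real code).
SAMPLE_SKILL_FILES = {
    "scripts/init_config.py": '''
import json, os
cfg = {"token": os.environ.get("GEELARK_TOKEN", ""), "appId": "", "apiKey": ""}
with open("assets/config.json", "w") as f:
    json.dump(cfg, f)
''',
    "geelark_client.py": '''
import json, subprocess
def install_deps():
    subprocess.check_call("pip install uiautomator2 --break-system-packages", shell=True)
def dump_ui(serial):
    return subprocess.check_output(["adb", "-s", serial, "shell", "uiautomator", "dump"])
def load_creds():
    with open("assets/config.json") as f:
        return json.load(f)
''',
}

SUBPROCESS_FUNCS = {"run", "call", "check_call", "check_output", "Popen"}
# File names that usually hold credentials; tune for the package under review.
CRED_FILE_RE = re.compile(r"(config|cred|secret|token)[^/\s]*\.(json|ya?ml|ini|env)$", re.I)


@dataclass
class Findings:
    binaries: set = field(default_factory=set)
    env_vars: set = field(default_factory=set)
    credential_files: set = field(default_factory=set)


class _Visitor(ast.NodeVisitor):
    """Collects external binaries, env-var reads and credential file paths (Python 3.9+ AST)."""

    def __init__(self, findings: Findings):
        self.f = findings

    @staticmethod
    def _dotted(node):
        # Render an `a.b.c` attribute chain as a string; None for anything else.
        parts = []
        while isinstance(node, ast.Attribute):
            parts.append(node.attr)
            node = node.value
        if isinstance(node, ast.Name):
            parts.append(node.id)
            return ".".join(reversed(parts))
        return None

    def visit_Call(self, node):
        name = self._dotted(node.func) or ""
        if name.startswith("subprocess.") and name.split(".", 1)[1] in SUBPROCESS_FUNCS and node.args:
            first = node.args[0]
            if isinstance(first, ast.List) and first.elts and isinstance(first.elts[0], ast.Constant):
                self.f.binaries.add(str(first.elts[0].value))  # argv form
            elif isinstance(first, ast.Constant) and isinstance(first.value, str):
                words = first.value.split()  # shell=True string form
                if words:
                    self.f.binaries.add(words[0])
        if name in ("os.environ.get", "os.getenv") and node.args and isinstance(node.args[0], ast.Constant):
            self.f.env_vars.add(str(node.args[0].value))
        self.generic_visit(node)

    def visit_Subscript(self, node):
        if self._dotted(node.value) == "os.environ" and isinstance(node.slice, ast.Constant):
            self.f.env_vars.add(str(node.slice.value))
        self.generic_visit(node)

    def visit_Constant(self, node):
        if isinstance(node.value, str) and CRED_FILE_RE.search(node.value):
            self.f.credential_files.add(node.value)


def audit(files: dict, declared: dict) -> dict:
    """files: relative path -> source text. declared: registry metadata with
    'binaries' and 'env' lists. Anything used but not declared is reported."""
    found = Findings()
    for path, src in files.items():
        _Visitor(found).visit(ast.parse(src, filename=path))
    return {
        "undeclared_binaries": sorted(found.binaries - set(declared.get("binaries", []))),
        "undeclared_env": sorted(found.env_vars - set(declared.get("env", []))),
        "credential_files": sorted(found.credential_files),
    }


if __name__ == "__main__":
    # The registry entry reviewed above declares nothing, so everything shows up.
    for key, value in audit(SAMPLE_SKILL_FILES, {"binaries": [], "env": []}).items():
        print(f"{key}: {value}")
```

Run it against the unpacked skill directory (read each `.py` into the `files` dict) and against the registry's declared requirements; any non-empty `undeclared_*` list is exactly the metadata gap the review flags. It is a static check only, so dynamically built command lines or paths will not be caught; pair it with the sandboxed run recommended above.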

Review Dimensions

Purpose & Capability
note: Name/description, docs, and code files align: the package is a GeeLark Cloud Phone client plus helpers for booting devices, ADB/uiautomator2 automation, and RPA tasks for social platforms. However, the registry metadata declares no required credentials or binaries even though the code and docs expect an API token/appId/apiKey (assets/config.json) and use local adb/uiautomator2. The missing declarations are an inconsistency worth noting.
Instruction Scope
concern: SKILL.md instructs the agent/operator to run scripts/init_config.py (which creates assets/config.json containing API credentials), to pip-install uiautomator2, to execute ADB commands via subprocess (including a 'glogin' step), and to use uiautomator2 to dump UI hierarchies and perform taps/inputs. It also shows RPA tasks that include third-party account credentials (social-platform usernames/passwords) and file paths. These instructions read and store sensitive credentials and run local system commands, which goes beyond simple REST API calls and increases the attack surface and the risk of accidental credential exposure or abuse. SKILL.md also auto-loads credentials from a file that the registry metadata does not declare.
Install Mechanism
note: There is no formal install spec in the registry. The documentation tells users to pip install uiautomator2 with --break-system-packages. uiautomator2 is a normal Python dependency for device automation, but the flag tells pip to ignore the externally-managed-environment marker (PEP 668) and write into the distribution-managed system Python, which is intrusive. No downloads from external personal servers are present in the manifest. Overall install risk is moderate and centered on the uiautomator2 requirement and local ADB usage.
Credentials
concern: The skill expects API credentials (token, appId, apiKey) stored in assets/config.json and logs operations locally; it also accepts RPA payloads containing third-party account credentials and proxy information. Yet the registry entry lists no required env vars or required binaries (e.g., adb), an inconsistency. Requesting and storing several credentials (GeeLark API keys plus social-account passwords and proxy credentials) is proportionate to the functionality, but it must be declared clearly and handled cautiously; the current packaging omits that declaration and so looks under-specified and risky.
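Two of the concrete checks raised above, file permissions on assets/config.json (Guidance, "Sensitive data") and log masking (Guidance, item 5, and the local operation logs noted in this dimension), are easy to get wrong and easy to verify. The block below is an added example, not the skill's code: it creates the credential file with owner-only permissions set at creation time so there is no window where a default umask leaves it readable, refuses to overwrite an existing file, and attaches a logger-level filter that masks secret values before any handler sees them. The key names (token, apiKey, ...) and the credential values are assumed from the review text and constructed.

```python
"""Handling the credentials this skill stores and logs: create assets/config.json
with owner-only permissions from the first byte, and mask secret values before
they reach a log line. Added example; not the skill's code. The key names
(token, apiKey, ...) and the log format are assumed from the review text."""
import json
import logging
import os
import stat
import tempfile

# Keys whose values must never appear in full in a log (assumed names).
SECRET_KEYS = ("token", "apiKey", "password", "proxyPassword")


def write_config(path: str, cfg: dict) -> int:
    """Write cfg as JSON with mode 0600 applied at creation (O_CREAT with an
    explicit mode, so umask cannot widen it) and refuse to overwrite an
    existing file (O_EXCL). Returns the resulting permission bits."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(cfg, fh)
    return stat.S_IMODE(os.stat(path).st_mode)


def mask(text: str, secrets) -> str:
    """Replace every secret value in text. Longest values first so a short secret
    that is a prefix of a longer one cannot leave a partial leak behind."""
    for s in sorted((str(v) for v in secrets if v), key=len, reverse=True):
        repl = s[:4] + "***" if len(s) >= 12 else "***"
        text = text.replace(s, repl)
    return text


class SecretMaskingFilter(logging.Filter):
    """Logger-level filter: formats the record once, masks it, and drops args so
    no handler can re-render the unmasked values."""

    def __init__(self, secrets):
        super().__init__()
        self.secrets = list(secrets)

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = mask(record.getMessage(), self.secrets)
        record.args = ()
        return True


class ListHandler(logging.Handler):
    """Captures rendered messages in memory so the result can be inspected."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(record.getMessage())


def demo() -> dict:
    # Constructed credentials, not real GeeLark values.
    cfg = {"token": "gl_tok_1234567890abcdef", "appId": "app-001", "apiKey": "ak_secretvalue_xyz987"}
    logger = logging.getLogger("cloudphone.demo")
    logger.handlers.clear()
    logger.filters.clear()
    logger.setLevel(logging.INFO)
    logger.propagate = False
    sink = ListHandler()
    logger.addHandler(sink)
    logger.addFilter(SecretMaskingFilter(str(cfg[k]) for k in SECRET_KEYS if cfg.get(k)))
    with tempfile.TemporaryDirectory() as d:
        mode = write_config(os.path.join(d, "config.json"), cfg)
    logger.info("start phone appId=%s token=%s apiKey=%s", cfg["appId"], cfg["token"], cfg["apiKey"])
    return {"mode": mode, "log": sink.lines[0]}


if __name__ == "__main__":
    out = demo()
    print(f"config.json mode: {out['mode']:o}")
    print(out["log"])
```

When reviewing the skill's own init_config.py and logging code, look for the opposite patterns: a plain `open(path, "w")` that inherits the process umask, and log calls that interpolate the token or an RPA payload's password directly. The masking filter is attached to the logger rather than to one handler so that every handler, including any the skill adds later, receives only the masked record.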
Persistence & Privilege
note: The skill is not marked always:true and does not request elevated system privileges. It writes assets/config.json and logs to logs/cloudphone/ (normal for a client). However, default platform behavior allows autonomous invocation; combined with this skill's access to API tokens and its ability to run local adb/subprocess commands, autonomous operation increases the blast radius. Test in a controlled environment and consider restricting autonomous runs until the skill is validated.