Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Android Armor Breaker
v2.2.0
Android Armor Breaker - Frida-based unpacking technology for commercial to enterprise Android app protections, providing complete APK reinforcement analysis...
by 小红星 @haonings
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Frida unpacking, root memory extraction, DEX extraction) match the declared binaries (frida-dexdump, python3, adb) and the included scripts. The files contain Frida JS and Python modules implementing instrumentation, memory reads, APK analysis and adb/frida invocation — all expected for this functionality.
Instruction Scope
SKILL.md and QUICK_START instruct installing frida-tools, python3, adb and running frida-server on the device; scripts generate and write Frida JS to temp files, run adb/frida commands, and access device process memory. These actions are within the described unpacking scope. Note: the skill performs active bypass hooks (native/Java hooks, ptrace blocking, fopen interception) and writes temporary scripts — dual-use functionality is expected here but grants powerful capabilities on a connected/rooted device.
Install Mechanism
No remote download/install from untrusted URLs. SKILL.md suggests installing frida-tools via pip and packages via apt — standard package sources. There is no archive extraction from arbitrary URLs or custom binary downloads in the skill metadata.
Credentials
The skill requires no host environment variables or credentials and only needs local binaries (frida-dexdump/frida, python3, adb). It does require a rooted/privileged Android device for some features (root memory extraction), which is proportional to the stated capabilities. No unrelated credentials or host config paths are requested.
Persistence & Privilege
The skill is not marked always:true and does not request persistent platform‑level privileges. It can be invoked by the agent (normal), and its behavior is limited to running the included scripts and calling adb/frida; it does not modify other skills or system-wide agent configs.
Scan Findings in Context
[pre-scan-injection-signals-none] expected: The pre-scan reported no injection signals. The code itself contains patterns (ptrace interception, /proc/<pid>/mem reading, Frida hooking and send() messaging) that would not necessarily be flagged as 'injection' by a simple scanner but are expected for a Frida unpacking tool.
Assessment
This skill is internally coherent for reverse-engineering / unpacking Android apps, but it is powerful and dual-use. Before installing:
1) Only use it on devices and APKs you own or are authorized to test — extracting memory or bypassing protections may be illegal otherwise.
2) Expect to need a rooted Android device and to run frida-server on it; root operations and /proc/<pid>/mem reads are required for some features.
3) Review the included scripts (Frida JS and Python) yourself — they generate temporary files and perform native hooks and memory reads; run in an isolated test environment (not on production or personal devices).
4) Note small doc/code discrepancies (e.g., README mentions a libDexHelper_original.so; it is not present in the manifest) — verify all referenced artifacts are available before running.
5) If you are not comfortable with these capabilities or legal/ethical implications, do not install or run the skill.
scripts/root_memory_extractor_enhanced.py:50
Potential obfuscated payload detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Bins: frida-dexdump, python3, adb
