ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Scrcpy Claw

v0.1.0

Lobster Android Assistant (龙虾安卓助手) - A comprehensive Android device control skill. Provides touch control, keyboard input, system operations, screen analysis...

0· 222·0 current·0 all-time
by@italks
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Android control via ADB/scrcpy) matches the included Python controllers and README. The scripts implement ADB commands, UI dump parsing, scrcpy server push/connection, and AI-assisted decision logic — all relevant to remote device control and automation.
Instruction Scope
SKILL.md and the scripts instruct the agent to run ADB and scrcpy-related commands, pull UI dumps, take screenshots, push and start a scrcpy server, and (optionally) install APKs. These actions access sensitive device data (screenshots, UI hierarchy, clipboard) but are expected for a device-control skill. There is no instruction to read unrelated host files or to transmit data to external endpoints.
Install Mechanism
This is instruction-only with bundled scripts (no automated installer or remote downloads). The code looks for an existing scrcpy-server JAR in common locations and will warn if not found rather than downloading arbitrary code. No install URLs, package registry pulls, or archive extraction were observed.
Credentials
The skill requests no environment credentials or config paths. It requires ADB on PATH (documented) which is appropriate. The scripts operate on connected Android devices and local files (screenshots, UI dumps), which is proportionate to the stated functionality.
Persistence & Privilege
always:false and no attempt to modify other skills or system-wide agent config. The skill performs subprocesses, port-forwarding, and starts a server on the device — normal for scrcpy integration. Note: the platform default allows autonomous invocation; combined with device-control capabilities this increases the importance of trusting the skill before enabling autonomous runs.
Assessment
This skill legitimately needs ADB/scrcpy access and will perform powerful actions on any connected Android device (push/start server, take screenshots, read UI hierarchy, set clipboard, install APKs). Only install/use it if you trust the source and will run it on devices you control. Before using: (1) review the scripts (they are included) to confirm no unwanted network exfiltration; (2) ensure adb is only connected to intended devices; (3) provide a trusted scrcpy-server.jar if you plan to use scrcpy features; and (4) if you dislike autonomous agent invocation, keep the skill user-invocable only or disable autonomous invocation in your agent settings.

Like a lobster shell, security has layers — review code before you run it.

latestvk975kr6nrf44b8n65nwv9hkssx82swna

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments