Scrcpy Claw
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill openly provides Android device control, but it gives an agent broad ability to act through your phone and includes unsafe ADB shell text handling without clear approval boundaries.
Treat this as a powerful remote-control tool for a connected Android phone. Use it on test devices or low-risk accounts first, keep USB debugging under your control, require explicit confirmation for messages or account-changing actions, avoid sensitive screens, and stop/disconnect scrcpy/ADB sessions when finished.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could perform real actions on a connected Android device, including typing, tapping, changing settings, stopping apps, or sending messages.
The skill exposes broad device/app control and natural-language automation, including stopping apps, modifying clipboard state, and sending messages, without documented confirmation or scope restrictions for high-impact actions.
controller.force_stop("com.tencent.mm") ... controller.set_clipboard("text") ... engine.run_automation("搜索并发送消息给张三")
Use only on devices and apps you are comfortable automating, and require explicit user confirmation before sending messages, changing settings, stopping apps, or taking account-affecting actions.
If untrusted or malformed text is typed through this method, it could trigger unintended shell commands on the connected Android device.
Text input is passed through `adb shell input text` with only partial escaping. Shell metacharacters not escaped here could be interpreted by the Android shell instead of being typed as text.
escaped = text.replace(' ', '%s').replace('&', '\\&').replace('(', '\\(').replace(')', '\\)')
cmd = ["shell", "input", "text", escaped]
Sanitize or robustly quote all text passed to `adb shell`, reject dangerous metacharacters, or use a safer input method such as a dedicated keyboard/broadcast channel for arbitrary text.
Actions performed by the agent may appear to come from you or your logged-in phone apps.
The skill can act through logged-in Android apps and user sessions, such as sending a message in WeChat, but does not document approval boundaries for account-affecting actions.
engine.run_automation("打开微信发送消息给张三")
# Open WeChat and send message to Zhang San
Do not grant this skill access to personal or production accounts unless you require confirmation before any message, purchase, account change, deletion, or public/private communication.
Sensitive text visible in apps, notifications, or forms may be read into the agent context during analysis.
The screen analyzer pulls the current UI hierarchy from the device and stores parsed UI elements in memory. This is expected for screen analysis, but the UI text may contain sensitive information.
self._run_adb(["pull", "/sdcard/ui_dump.xml", local_path]) ... self.last_elements = elements
Avoid using this skill on screens containing passwords, private messages, financial data, or other sensitive content unless that analysis is necessary.
Users may not realize they need to install and trust ADB/scrcpy-related tooling before the skill can control a device.
The skill depends on external ADB tooling, while the registry requirements section lists no required binaries. This is an under-declared dependency rather than evidence of malicious installation behavior.
"external_tools": [
"adb"
]
Install ADB/scrcpy only from trusted sources, verify the local tooling, and update the registry metadata to declare required binaries.
A device-control session may remain active until the skill disconnects or the process is stopped.
The scrcpy integration starts a server process and uses ADB port forwarding, but the code also includes cleanup on disconnect. This is expected for scrcpy control but should not be left running unintentionally.
self.server_process = subprocess.Popen(...)
...
cmd.extend(["forward", "--remove", f"tcp:{self.local_port}"])
Disconnect the scrcpy session after use and verify that ADB port forwarding and device-side server processes are stopped.
