Back to skill
Skillv0.1.0
VirusTotal security
Scrcpy Claw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:59 AM
- Hash
- 8f23aa29a12e3768ee206a567a554f3a9bf64fc4d1e9d34a8dec330a8aeccf52
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: scrcpy-claw Version: 0.1.0 The skill provides extensive remote control capabilities for Android devices using ADB and the scrcpy protocol, including file transfer, application installation, and screen recording. While these features align with the stated purpose of an 'Android Assistant,' the bundle is classified as suspicious due to the high-risk nature of these operations and a shell injection vulnerability in `scripts/adb_controller.py`. Specifically, the `input_text` method naively escapes only a few characters, allowing potential command injection on the Android device if a user-provided string contains shell metacharacters like semicolons or backticks. No evidence of intentional malice or host-level data exfiltration was observed.
- External report
- View on VirusTotal