Skill v1.0.0
ClawScan security
Clawpaw Android Control Template · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 14, 2026, 12:27 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This skill is internally coherent: it implements an Android remote-control integration (via a companion app + accessibility permissions) and requests no unrelated environment credentials or installs unusual software.
- Guidance
- This skill appears to do what it says, but it controls sensitive phone features. Before installing: (1) verify you trust the ClawPaw App source (check the referenced GitHub repo and its releases), (2) only grant the phone-side permissions you actually need (avoid QUERY_ALL_PACKAGES or MANAGE_EXTERNAL_STORAGE unless necessary), (3) be cautious entering API keys into config.yaml (they are stored plaintext), (4) consider running control on a test device first and reviewing the ClawPaw App code, and (5) if you do not want automated or background phone actions, restrict or supervise the skill's use in your agent (e.g., require manual confirmation before executing high-impact commands like sms.send, phone.call, file reads, camera, or notifications).
Review Dimensions
- Purpose & Capability
- ok: Name/description match the delivered artifacts: SKILL.md, README, permission doc, config.yaml and a Python HTTP controller that talks to a phone API. Requested capabilities (clicks, swipes, screenshots, contacts, SMS, camera, etc.) are consistent with a full-featured phone-control skill and are justified by the skill's purpose.
- Instruction Scope
- note: Instructions tell the agent to use either the OpenClaw 'nodes' gateway or the included HTTP Python script to call the phone's API and reference only skill-local files (config.yaml, references/INDEX.md). However, the skill explicitly exposes sensitive phone operations (contacts, SMS, photos, camera, file reads, calls); these are expected for a remote-control tool but are high-sensitivity actions and require explicit user permission on the phone.
- Install Mechanism
- ok: No install script or external downloads are included; the skill is instruction-plus-local Python script. No remote URLs or extract/install steps are present, so nothing arbitrary is fetched or executed at install time.
- Credentials
- note: The skill declares no required environment variables or credentials. The only local configuration is config.yaml (which may store an optional vision LLM api_base/api_key if the user enables that feature); storing API keys in that file would be user-supplied and should be considered plaintext. The skill's broad set of phone permissions is proportionate to its stated features but sensitive; there are no unrelated external credentials requested.
- Persistence & Privilege
- note: 'always' is false and the skill can be invoked autonomously (platform default). Combined with the skill's ability to perform privileged phone actions, autonomous invocation means the agent could perform phone operations without interactive confirmation; this is expected for a remote-control skill but worth user attention.
