ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Android Control

v0.1.1

Control an Android device via command-line tools (uiautomator, screencap, input, am). Automatically attempts non-root execution first and falls back to root...

1· 602·0 current·0 all-time
by@kv0768
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the instructions: the SKILL.md drives uiautomator, screencap, input, and am and explicitly supports a su fallback. The metadata lists the expected Android binaries (uiautomator, input, am, screencap) as optional, which is proportionate to the described capability.
!
Instruction Scope
The SKILL.md assumes it runs in an environment that already has Android CLI tools available but does not specify HOW to reach the Android device (adb shell, direct device execution, ssh, etc.). It runs commands that read device files (/sdcard/ui_dump.xml) and produce screenshots, and it will retry under su (root). It also uses utilities not listed in metadata (cat, base64) — these may not exist on all Android shells or could be resolved to host utilities if run on the wrong machine. The lack of explicit connection/context instructions raises a real risk that these commands could be executed on an unintended host or without required safeguards.
Install Mechanism
Instruction-only skill with no install spec or downloaded artifacts. This minimizes install-time risk since nothing is written to disk by an installer.
Credentials
The skill requests no environment variables or credentials, which is proportionate. However, it does instruct escalation to root (su) on the target device — necessary for some device operations but also a sensitive capability.
Persistence & Privilege
always is false and the skill is not force-included. The skill permits running root-mode commands on whatever shell the agent uses; autonomous invocation combined with connectivity to an Android device could allow the agent to perform sensitive actions (screenshots, UI dumps, installing or launching apps) without additional confirmation. This is expected for a remote-control skill but is worth guarding with confirmations and explicit targeting.
What to consider before installing
This skill is coherent for controlling an Android device, but review these items before enabling it: 1) Clarify execution context: ensure the agent will execute these commands on an intended Android device (for example via 'adb shell' or a controlled device session), not on your local host. 2) Root fallback: the skill will call su and run commands as root if non-root fails — confirm you want the agent to have that ability and require explicit user consent before root actions. 3) Missing utilities: SKILL.md uses cat and base64 but they are not declared; verify those tools exist on the target device or adjust instructions. 4) Sensitive outputs: UI dumps and screenshots can expose personal data — restrict usage to trusted devices and require explicit permission. 5) Test in a safe environment first (a disposable device or emulator) and consider adding explicit prompts/confirmation in the SKILL.md before any destructive or root-level commands are executed.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📱 Clawdis
Binssh
latestvk976dqx3ft4bxgxg095xrm51xn8270fy
602downloads
1stars
2versions
Updated 5h ago
v0.1.1
MIT-0
@kv0768
latest
Download

Android Control Skill

Control an Android phone directly from Clawdbot using built-in Android CLI tools.
The skill always tries normal (non-root) commands first; if they fail, it automatically retries with root mode (su) when available.

Features

  • Get UI hierarchy snapshot via uiautomator dump
  • Capture screen using screencap
  • Simulate taps, swipes, and input events via input
  • Launch apps using am start
  • Auto retry with root if non-root fails

Setup

Most Android ROMs include uiautomator, input, screencap, and am.

To enable root fallback, install Magisk or run:

su

Usage

Get UI Snapshot (uiautomator dump)

# Try non-root
uiautomator dump /sdcard/ui_dump.xml 2>/dev/null \
  && cat /sdcard/ui_dump.xml \
  || (
    # Fallback to root
    su -c "uiautomator dump /sdcard/ui_dump.xml" && su -c "cat /sdcard/ui_dump.xml"
  )

Take Screenshot (PNG, base64 encoded)

TMP="/sdcard/ai_screen.png"

# Try non-root
screencap -p "$TMP" 2>/dev/null \
  && base64 "$TMP" \
  || (
    # Root fallback
    su -c "screencap -p $TMP"
    su -c "base64 $TMP"
  )

Tap on Screen

# Example: tap at (540, 1600)

input tap 540 1600 2>/dev/null \
  || su -c "input tap 540 1600"

Swipe on Screen

# Example: swipe from (500, 1600) to (500, 600) over 300ms

input swipe 500 1600 500 600 300 2>/dev/null \
  || su -c "input swipe 500 1600 500 600 300"

Launch an App

# Example: launch Android Settings

am start -n com.android.settings/.Settings 2>/dev/null \
  || su -c "am start -n com.android.settings/.Settings"

Send Text Input

# Example: send text "Hello"

input text "Hello" 2>/dev/null \
  || su -c "input text 'Hello'"

Comments

Loading comments...