Phone Control Agent (Lanlan Edition)
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could accidentally send a message, click the wrong button, stop an app, or perform actions inside logged-in phone apps as the user.
The skill explicitly enables UI input and a message-send workflow. The artifacts do not show a required confirmation step before high-impact actions such as sending messages or manipulating apps.
Perform UI operations: tap, swipe, enter text, press keys ... open an app, search for a contact, send a simple message ... tap the send button
Use only with explicit user direction and add/require confirmations before sending messages, purchases, payments, account changes, app stops, or other irreversible actions.
Granting this access lets the automation operate the phone with the user's existing app sessions and permissions.
ADB USB debugging grants device-level control. This is disclosed and purpose-aligned, but it is a high-privilege mode that can act inside apps already logged in on the phone.
⚠️ Requires USB debugging permission ... enable "USB debugging (Security settings)"
Enable USB debugging only for trusted computers, keep the phone visible while operating, and turn off debugging/security settings after use if they are not needed.
Screenshots or UI text may contain private messages, contacts, notifications, account details, or other sensitive information.
The script captures the phone screen and writes it to a temporary local file. UI dumps are similarly pulled from the device, so visible private content can enter local files and the agent context.
save_path = tempfile.mktemp(suffix='.png') ... adb(['exec-out', 'screencap', '-p'], binary=True) ... f.write(out)
Avoid using it on sensitive screens, understand where temporary files are saved, and delete screenshots/UI dumps when finished.
Users have less external provenance information for deciding whether the phone-control code is trustworthy.
The supplied registry data does not provide an upstream source or install provenance. This is a note rather than a concern because the reviewed artifacts include the main script and no hidden installer is shown.
Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill.
Review the included code before use and prefer skills with a verifiable source repository or publisher history.
