android-auto-controller

What to consider before installing: - Privacy: The script takes full screenshots and sends them (base64) to the configured VLM endpoint. Only use this if you fully trust the model provider and the network path; avoid using with devices containing private/financial/personal data. Prefer a locally-hosted VLM (VLM_BASE_URL pointing to localhost) when possible. - Secrets storage: The guide suggests storing VLM_API_KEY in ~/.openclaw/config.json. That file will contain a long-lived secret—make sure your machine and the config file are protected (file permissions, secret rotation). - Prompt-injection: The SKILL.md contained unicode-control characters flagged by the scanner. Inspect the file for hidden characters or manipulative content before enabling. - Device risk: The tool uses uiautomator2 and will install an ATX daemon on your phone (python -m uiautomator2 init) and requires USB debugging and potentially “USB debugging (security settings)”. Understand and accept the security implications and test on a non-critical device first. - Least privilege & testing: Run the skill in a controlled environment first (throwaway device, local VLM) to validate behavior. Review the included python script to ensure no unexpected network endpoints or logging of secrets exist beyond the VLM endpoint you configured. - If you need more assurance: ask the author for (1) code signing or a trustworthy source/homepage, (2) a reproducible way to run the VLM locally, and (3) a complete audit of where screenshots/metadata are sent and retained. Given the combination of screenshot exfiltration risk and the injection signal, proceed only after verifying the VLM endpoint and the SKILL.md contents. If you want, I can list the exact lines in scripts/android_agent.py that send data out and explain how to run it safely (local VLM, file-permission suggestions, or a sanitized test run).