ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mobile Appium Test

v1.0.0

Android UI automation testing using Appium with USB-connected real devices. Use when the user wants to run Appium tests on physical Android devices connected...

0· 548·3 current·3 all-time
by@never112
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description ask for Appium + ADB usage and the SKILL.md exclusively references those tools and operations; declared tool requirements (adb, appium) match the stated purpose.
Instruction Scope
Instructions are limited to ADB/Appium commands, device checks, and common test flows (install, screenshots, logs). One potentially sensitive recommendation is starting Appium with --relaxed-security, which broadens server capabilities and should be used intentionally. The guide does not attempt to read unrelated system files, env vars, or external endpoints beyond the local Appium server.
Install Mechanism
No install spec or code is included (instruction-only). The guide suggests installing Appium Doctor via npm for user setup, which is appropriate for the purpose and not enforced by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested. All operations require local developer tools and device access only, which is proportional to device testing.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent presence or system-wide configuration changes. Be aware that an agent permitted to execute these instructions could run local adb/appium commands if given that capability.
Assessment
This appears to be a straightforward how-to for local Appium/ADB testing and is internally consistent. Before using: ensure adb and Appium are installed from official sources; only run app installs (adb install) and APKs you trust; avoid enabling --relaxed-security on a machine you don’t control or expose to untrusted networks; and be mindful that if you allow an agent to run these instructions autonomously it could execute adb/appium commands against devices connected to your host—only grant that capability if you understand and trust the agent.

Like a lobster shell, security has layers — review code before you run it.

latestvk973fm77adz4r4bs4b6cr2he2981zw6x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📱 Clawdis

Comments