1ai Autodroid

The skill is coherent for Android automation, but its runtime instructions and recommended installs enable broad, sensitive access (SMS, contacts, notifications, camera, location, auto-unlock) and direct data (screenshots) to external image/AI tools; installing the third‑party Accessibility APK (ClawPaw) and storing PINs materially increases risk — proceed with caution and verify sources and permissions first.

This skill appears to do what it says (automate Android devices), but it asks you to enable and install components that can access very sensitive data (SMS, contacts, notifications, camera, clipboard, location) and to store unlock PINs. Before installing or using it: (1) Only install ClawPaw/cua and CLI from a trusted, verifiable source — inspect the GitHub repo, check release signatures, and prefer official releases. (2) Prefer using ADB over a USB-connected, controlled device rather than installing an Accessibility APK on a primary phone. (3) Do NOT pass screenshots or bank screens to external image/AI services unless you trust where those images go. (4) Avoid storing real bank PINs or credentials in automation tools; use throwaway devices/accounts when testing. (5) Review and limit Accessibility permissions and remove the APK/service when not needed. (6) If you need stronger assurance, ask the author for source code for the ClawPaw APK and the cua CLI build artifacts, or run the automation only on devices you can wipe. Additional info that would change this assessment: verified provenance and signatures for the ClawPaw APK/CLI, explicit details about what 'image tool' endpoint is used, or a policy that restricts where captured images/notifications are sent.