ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill

v0.1.14

Your AI CoPilot on Mobile — or give your AI its own phone. Make calls, send SMS, speak via TTS on speakerphone, automate UI, manage files, search media, and 40+ more tools via MCP. Open source, self-hosted, privacy-first.

0· 3.2k·4 current·4 all-time
by@satyajiit
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes an Android device-control/co-pilot (UI automation, SMS, calls, files, location, clipboard, TTS, shell-in-sandbox) which is coherent with the stated purpose. However registry metadata omitted required binary information while the SKILL.md metadata declares 'requires: ["node"]' and an MCP URL; this mismatch (registry says no required binaries, SKILL.md says node is required) is inconsistent and should be reconciled.
!
Instruction Scope
The runtime instructions ask you to install/run a server (npm install -g aster-mcp, aster start) and an Android app and to configure OpenClaw callbacks/webhooks so the phone will POST real-time events (notifications, SMS text, possibly media/location) to the agent endpoint. Forwarding phone events to an agent/webhook is expected for this skill but is high-sensitivity — it effectively funnels private phone data to whatever endpoint you configure, and can also wake the agent to act autonomously.
Install Mechanism
No install spec is present in the registry (instruction-only), but SKILL.md instructs using npm (npm install -g aster-mcp) and GitHub releases. npm/GitHub are common distribution channels (traceable), but because the registry does not declare an install, you should verify the package source, release checksums, and repository before running global installs.
!
Credentials
The registry declares no required environment variables, yet the skill will require network configuration (MCP URL) and configuration of an OpenClaw callback endpoint. More importantly, the skill's capabilities include access to SMS, notifications, files, location, clipboard and the ability to initiate calls — these are proportional to mobile-control but are highly sensitive. The SKILL.md's 'Local Storage Only' claim depends on how you configure callbacks/Tailscale; configuring external callbacks could send sensitive data off-network.
Persistence & Privilege
The skill is not marked 'always:true' and is user-invocable; it does not request permanent/platform-level presence in the registry. It does instruct running a long-lived local server and installing an Android app (expected for this functionality) but does not declare elevated registry-level privileges.
What to consider before installing
What to consider before installing: - This skill gives an AI wide control and read access to a phone (read/send SMS, notifications, files, location, clipboard, make calls, run limited shell). Treat it as highly sensitive. - Metadata mismatch: the registry lists no required binaries but SKILL.md requires node and an MCP server — verify this difference and confirm you are comfortable running a local Node server and installing the Android app. - Webhooks/callbacks: by enabling OpenClaw callbacks you allow the phone to POST event data (notification text, SMS, etc.) to the configured agent endpoint; ensure that endpoint is local/trusted, uses TLS and authentication, and will not forward data externally unintentionally. - Source verification: SKILL.md points to a GitHub repo and releases. Review the repository, confirm release integrity (checksums/tags), and prefer running the server in an isolated environment or on a spare device first. - Least privilege: if you test, use a spare device with minimal personal data and restrict network exposure (avoid exposing MCP or callbacks to the open internet; if using Tailscale, apply access controls). - Audit 'aster_execute_shell' and file-access behaviors to confirm the documented sandbox/limits are actually enforced, and confirm the device-approval workflow is enforced in practice. - If you are not comfortable reviewing the code or configuring secure callbacks, do not install this on a primary device. Additional useful info to reduce uncertainty: provide the package name/version on npm, release checksums, and a pointer to the specific commit/release so the code can be audited.

Like a lobster shell, security has layers — review code before you run it.

latestvk970vah7yed13tkkcvezj4127s80nhxg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments