ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Android Adb

v0.1.0

Execute Android ADB (Android Debug Bridge) commands for device management, app management, debugging, and automation. Use when the user requests any ADB-rela...

0· 18·0 current·0 all-time
by@cwener
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match observed behavior: all required actions (device listing, install/uninstall, logcat, screenshots, push/pull, etc.) are implemented in the included reference and scripts. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions map user intents to concrete ADB commands and included scripts; dangerous ADB operations are flagged and require explicit confirmation. Notable behavior: the runtime rules instruct opening new system terminal windows for long outputs (macOS/Linux commands provided), which is within purpose but interacts with the user's GUI environment and may be surprising in headless contexts.
Install Mechanism
The skill includes an install_adb.sh that downloads platform-tools from dl.google.com and extracts them into the skill's tools/ directory (no sudo, no PATH modification). The download source is the official Google host (expected), but the installer writes extracted binaries into disk under the skill directory—this is reasonable for an ADB helper but is a non-trivial filesystem action to be aware of.
Credentials
The skill requests no environment variables or external credentials. Scripts only seek local adb binaries (system SDK locations or the skill-local sandbox). There are no requests for unrelated secrets or config paths.
Persistence & Privilege
always is false and the skill does not modify system PATH or other skills' configurations. It can install platform-tools under the skill directory (user-removable) and open terminal windows to show output—both are scoped to this skill and justified by its purpose.
Assessment
This skill appears coherent for running ADB commands. Before installing or running it, note: (1) it can download and extract Android platform-tools into the skill's tools/ directory (from dl.google.com); review or refuse that install if you prefer to use a system adb. (2) ADB can perform destructive operations (factory reset, uninstall, pm clear, fastboot/flash); the skill requires explicit confirmation for flagged dangerous commands, but you should still confirm each destructive action. (3) The skill may open local terminal windows to display long-running logs—this requires GUI access and may behave oddly on headless servers. If you need stricter isolation, run commands manually or ensure the skill uses only your preinstalled adb binary.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dfqv5k3pbe42738kt8a0x7184q4jn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments