Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Android Armor Breaker
v2.2.2
Android Armor Breaker - Frida-based unpacking technology for commercial to enterprise Android app protections, providing complete APK reinforcement analysis...
⭐ 1· 214·0 current·0 all-time
by 小红星 @haonings
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign (medium confidence)
Purpose & Capability
Name/description (Frida-based APK unpacking, root memory extraction, DEX extraction) match the included artifacts: multiple Frida JS and Python scripts, an APK analyzer, memory-extraction scripts, and documentation. Required binaries (frida-dexdump, python3, adb) and the pip/apt install recommendations align with the described functionality.
Instruction Scope
Runtime instructions and docs explicitly require a rooted device, frida-server, and adb and instruct local memory reads and Frida-based injection. The SKILL.md and SECURITY.md explicitly warn about the dual-use nature and advise isolation. The scripts do perform high-privilege actions (reading /proc/<pid>/mem, hooking many APIs). No obvious references to unrelated system files or unrelated credentials were found, but because the tool reads process memory it will access potentially sensitive local data — this is expected for the stated purpose.
Install Mechanism
No remote binary downloads or opaque network installers are present in the metadata; SKILL.md suggests installing frida-tools via pip and adb/python via apt, which is proportionate. The package bundle includes full source code (no opaque external installer).
Credentials
The skill requests no environment variables or external credentials. It requires root access on the target Android device and ADB/Frida tooling — these are appropriate for root memory extraction and Frida-based unpacking. No unrelated cloud or secret credentials are requested.
Persistence & Privilege
The skill is not force‑enabled (always:false) and does not declare system‑wide persistence. It does require elevated privileges on the target Android device (root) to perform expected operations, which is consistent with the stated functionality. Autonomous invocation is allowed (platform default) but is not combined with other red flags here.
Assessment
This is a legitimate, high‑privilege reverse‑engineering tool that appears to do what it claims. Before installing or running it:
1) Only use it on apps/devices you own or have explicit written permission to analyze.
2) Inspect the bundled scripts (they are provided) — look for any network calls or unexpected behavior; the repo claims no external network calls, but Frida's send() messages send data to the local Frida host, so ensure the Frida host you connect to is trusted.
3) Run in isolated/test environments (disposable devices or emulators), not on personal or production devices, since the tool reads process memory and requires root.
4) Install dependencies from trusted package repositories (pip/apt) and verify versions.
5) Note some code quality issues (e.g., truncated/buggy assignment in apk_protection_analyzer: 'recommendatio' appears to be a typo) — test in a safe lab before relying on results.
6) If you need lower risk: avoid giving this tool access to sensitive devices/accounts and audit any changes it makes to devices.
Overall the skill is coherent with its purpose but warrants careful manual review and restricted use due to the sensitive operations it performs.

scripts/root_memory_extractor_enhanced.py:50
Potential obfuscated payload detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Like a lobster shell, security has layers — review code before you run it.
latest · vk97evd54mfx7skgghqfp9bd8fn84rrm2
Runtime requirements
Bins: frida-dexdump, python3, adb
