Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Android Remote Control
v1.0.0Զ�̿��� Android �豸��֧�ֽ�ͼ������������� App ������ʹ�� uiautomator2 ��Ϊ�ײ����棬ͨ�� ADB �����豸�����û���Ҫ��(1) �鿴�ֻ���Ļ��(2) �Զ��������ֻ� App��(3) Զ�̰�װ/ж��������(...
⭐ 0· 757·8 current·8 all-time
by@eyedark
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose (remote control of Android devices via uiautomator2/ADB) matches the included code which connects to a device, screenshots, clicks, and starts apps. However, the manifest declares no required binaries or Python packages while the code imports uiautomator2 and depends on adb being available. The code also force-adds a hard-coded Windows path for a third-party product (Camo Studio) to PATH — an unexpected implementation choice and an inconsistent requirement.
Instruction Scope
SKILL.md instructs the user to ensure a USB-connected device and mentions a default ADB path; it does not instruct the agent to read unrelated system files or exfiltrate data. It does not, however, document the need to install the Python dependency (uiautomator2) or any safety/consent checks before controlling a device.
Install Mechanism
There is no install spec (instruction-only plus small Python scripts). That reduces installation risk, but the package contains Python code that requires the external library uiautomator2 and an ADB binary; those requirements are not declared or installed by the skill, which is an inconsistency the user should be aware of.
Credentials
The skill requests no credentials or config paths, which is appropriate. But it mutates the process PATH by unconditionally appending a specific Windows path (C:\Program Files (x86)\Camo Studio\Adb). This is disproportionate/unexpected: it assumes a specific third-party ADB location, may hide which adb binary will be used, and could cause the process to use an unintended adb executable if present.
Persistence & Privilege
The skill does not request always:true, does not persist configuration beyond its process, and does not modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined with other high privileges.
What to consider before installing
This skill will control any Android device reachable via ADB on the machine where it runs (take screenshots, click, start apps). Before installing: 1) Verify the skill's source and reviewer trustworthiness — the repository/homepage is missing. 2) Review the two Python scripts yourself; they perform device I/O and modify PATH only in-process. 3) Be cautious about the hard-coded ADB path: ensure there isn't an unexpected/malicious adb binary at C:\Program Files (x86)\Camo Studio\Adb if you run this on Windows. 4) Expect to manually install the Python dependency (uiautomator2) and adb if you want it to work — these are not declared. 5) Run in an isolated environment (VM/container) if you are not confident, and only connect devices you control and consent to be automated.Like a lobster shell, security has layers — review code before you run it.
latestvk974474e61n0phhd45m51yvacd81syfg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.