Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
mobizen-gui
v1.0.0 · Helps users set up and run MobiZen-GUI to perform mobile-use tasks — automating Android phone operations via natural language. Use when the user wants to con...
by @xjx0524
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The SKILL.md content matches the stated purpose (setting up and running MobiZen-GUI to automate Android devices). Recommended actions (adb, install ADBKeyboard, clone GitHub repo, pip install requirements, supply model API info) are expected. Minor metadata mismatch: registry lists no required credentials or env vars, but the runtime instructions explicitly require an API key/base_url/model_name to send prompts to a model endpoint (stored in my_config.yaml).
Instruction Scope
Runtime instructions direct taking screenshots, building prompts that include screenshots, and sending them to whatever model endpoint you configure (OpenAI or third-party). They also instruct the agent to ask the user for an API key and write it into my_config.yaml. This is within the skill's purpose but has clear privacy/exfiltration implications: device screenshots and actions may be transmitted to external services not under your control. The docs also include development-level steps (custom message builders, model client classes) that reference transforming images into data URLs — again implying sending image data to a model.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md tells users to pip install packages, clone a GitHub repo, download models from HuggingFace/ModelScope, and run vLLM with --trust-remote-code. Downloading third-party models and using --trust-remote-code can execute arbitrary code from model packages; model downloads from non-official mirrors or ModelScope increase risk. These are reasonable for running local models but represent a higher-risk install/runtime surface that the user must review/trust.
Credentials
The skill asks the user to provide model credentials (api_key, base_url, model_name) and to store them in a config file, but the registry metadata declared no required credentials. Requesting an API key is proportionate to the feature (remote model calls), but it increases risk because captured screenshots and phone interactions will be sent to that endpoint. The guidance suggests various providers (OpenAI, third-party, or local Ollama) — choose carefully and avoid giving long-lived/high-privilege keys to untrusted endpoints.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide privileges. It writes/uses a local config file (my_config.yaml) and works with adb devices — expected for mobile automation. There is no attempt to modify other skills or system-wide agent settings in the provided instructions.
What to consider before installing
This skill appears to be what it claims (a MobiZen-GUI setup guide) but contains several privacy and code-execution risks you should consider before proceeding:
- Be careful sharing API keys: the agent expects an api_key/base_url/model_name and will send screenshots and prompts to whichever endpoint you provide. Use a limited-scope or throwaway key, or prefer a local model (Ollama) if you must avoid cloud exposure.
- Screenshots and device content may contain sensitive data (messages, passwords, notifications). Assume they could be transmitted off-device; disable or mask sensitive apps before testing.
- The guide instructs downloading third-party models and running vLLM with --trust-remote-code. That can execute arbitrary code from model packages — only download and run models from sources you trust, and inspect code when possible.
- There is no registry-declared credential field — the config-based API key requirement is only in SKILL.md. Treat that as a manual consent point: do not paste high-privilege keys into the config without understanding where requests go.
- Review the cloned repository and requirements.txt before running pip install. Consider running in an isolated environment (VM/container) and revoke keys when finished.
If you want, I can: (a) highlight exactly where screenshots are created/sent in the MobiZen-GUI repo, (b) produce safe example config values for using a local model, or (c) draft a short checklist to minimize exposure when testing this tool.