Back to skill
Skillv3.0.0
VirusTotal security
Android GUI Automation · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 12:16 PM
- Hash
- f8ca01e058933324c175c2de470b43f513c92c96be622386765ce8b14ecc0089
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: android-gui-automation Version: 3.0.0 The skill bundle provides extensive Android GUI automation capabilities via uiautomator2. While the provided Python scripts (u2_mcp_server.py and android_automation.py) focus on UI interactions like clicking and price monitoring, the SKILL.md documentation explicitly lists high-risk tools including 'shell' (arbitrary command execution), 'push_file'/'pull_file' (file system access), and 'get_clipboard' (access to sensitive data). Providing an AI agent with such broad permissions on a mobile device—especially shell access—presents a significant security risk for remote code execution (RCE) or data theft, although no evidence of intentional malice or exfiltration of host secrets was found in the provided code.
- External report
- View on VirusTotal