Back to skill
Skillv1.0.0
VirusTotal security
ClawPaw Phone Control · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:00 AM
- Hash
- 75d167ee0d750532120bd4c4c25fbb7f696e4c585281112dc16abaaa094583a6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawpaw-phone-control Version: 1.0.0 The bundle implements a remote Android control framework that establishes a persistent reverse SSH tunnel and enables wireless ADB (tcpip 5555) via the 'clawpaw-setup' skill and associated scripts. It grants high-risk permissions like WRITE_SECURE_SETTINGS and provides detailed instructions for an AI agent to interact with sensitive apps (WhatsApp, Instagram, Feishu) and exfiltrate data (notifications, photos, location). While these capabilities are aligned with the stated goal of 'LLM-to-phone control' and include user confirmation prompts, the architecture relies on a third-party backend (www.clawpaw.me) and creates a significant security risk by maintaining a remote access backdoor.
- External report
- View on VirusTotal