ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Another

v1.0.0

Control Android devices from AI agents using the Another MCP server. Use when asked to interact with, test, automate, or take screenshots of an Android devic...

1· 41·0 current·0 all-time
byChiziaruhoma Ogbonda@zfinix
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description match the SKILL.md. Required capabilities (connect, screenshot, touch, swipe, launch app, adb shell) are exactly what a device-control skill needs; there are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
Instructions stay within the device-control domain, but they explicitly allow arbitrary adb shell commands and capturing screenshots. Those are expected for this purpose but are high-privilege operations on the controlled device (can read data, change settings, exfiltrate info). The workflow does not mandate user confirmation for sensitive operations.
Install Mechanism
This is instruction-only with no install spec and no code files, so nothing is written to disk by the skill itself. That reduces installation risk.
Credentials
The skill declares no environment variables, credentials, or config paths. The local MCP server URL (http://localhost:7070/mcp) is documented in the SKILL.md and is consistent with the described setup.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide privileges. Note the platform default allows autonomous invocation of skills; combine that with the tool's power (adb shell, screenshots) when deciding trust.
Assessment
This skill appears to do what it says: control an Android device through an Another MCP server. However, it exposes powerful capabilities (taking screenshots, running arbitrary adb shell commands, launching apps, opening URLs) that can access or exfiltrate sensitive data on the device. Before installing or enabling it: 1) Verify you trust the skill author and the Another desktop app you will run (source/build). 2) Only use with devices you control or that are explicitly consented for automation. 3) Consider requiring manual confirmation for sensitive actions (adb shell, open_url). 4) Ensure the MCP server is bound to localhost and not exposed to untrusted networks. 5) Audit screenshots and shell outputs for secrets, and monitor network traffic to the MCP endpoint. If you need higher assurance, ask the author for a code-based implementation or provenance (homepage/repo) before enabling autonomous invocation.

Like a lobster shell, security has layers — review code before you run it.

latestvk9760d750z63skahq0ks5dpbgn83x4tj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Another - Android Device Control

You have access to an Android device through the Another MCP server. Use these tools to see what's on screen, interact with the device, and automate tasks.

Setup

The Another desktop app must be running with MCP Server enabled (on by default in Settings).

Configure your MCP client:

{
  "mcpServers": {
    "another": {
      "url": "http://localhost:7070/mcp"
    }
  }
}

Workflow

Always follow this order:

  1. List devices to see what's available
  2. Connect to establish a control session
  3. Screenshot to see the current screen state
  4. Act using touch, text, buttons, swipe, etc.
  5. Screenshot again to verify the result
  6. Disconnect when done

Available Tools

Device Management

ToolWhat it does
another_list_devicesList all connected Android devices
another_connect_deviceConnect to a device (starts scrcpy control session)
another_disconnect_deviceDisconnect from the current device

Observation

ToolWhat it does
another_take_screenshotCapture the screen as a PNG image

Input

ToolWhat it does
another_press_buttonPress a hardware button: home, back, recents, power, volume_up, volume_down
another_send_textType text into the focused input field
another_send_touchSend a touch event (down, up, move) at normalized coordinates (0.0-1.0)
another_send_scrollScroll at a position with a given delta
another_swipeSwipe from one point to another (normalized 0.0-1.0 coordinates)

Apps & Shell

ToolWhat it does
another_launch_appLaunch an app by package name (e.g. com.android.chrome)
another_open_urlOpen a URL in the device's default browser
another_shellRun an arbitrary adb shell command and get the output

WiFi

ToolWhat it does
another_wifi_enableSwitch a USB device to WiFi debugging mode
another_wifi_connectConnect to a device by IP address
another_wifi_disconnectDisconnect a WiFi device
another_get_device_ipGet the WiFi IP of a USB-connected device

Coordinate System

Touch, swipe, and scroll tools use normalized coordinates from 0.0 to 1.0:

  • (0.0, 0.0) = top-left corner
  • (1.0, 1.0) = bottom-right corner
  • (0.5, 0.5) = center of screen

Common Patterns

Tap on something

another_send_touch { action: "down", x: 0.5, y: 0.5 }
another_send_touch { action: "up", x: 0.5, y: 0.5 }

Tap, then verify

1. another_take_screenshot  (see what's on screen)
2. another_send_touch       (tap where you need to)
3. another_take_screenshot  (verify the result)

Type into a field

1. Tap the input field with another_send_touch
2. another_send_text { text: "hello world" }

Scroll down a page

another_send_scroll { x: 0.5, y: 0.5, dx: 0.0, dy: -1.0 }

Swipe to go back or navigate

another_swipe { from_x: 0.0, from_y: 0.5, to_x: 0.5, to_y: 0.5 }

Navigate with buttons

another_press_button { button: "home" }
another_press_button { button: "back" }
another_press_button { button: "recents" }

Open an app and interact

1. another_launch_app { package: "com.android.chrome" }
2. Wait briefly, then another_take_screenshot
3. Interact as needed

Find an element on screen

Take a screenshot, examine it to identify positions, then use the coordinates to interact. Screenshots are the primary way to understand what's visible on the device.

Run a shell command

another_shell { command: "pm list packages" }
another_shell { command: "dumpsys battery" }
another_shell { command: "settings get system screen_brightness" }

Tips

  • Always screenshot first before interacting. You need to see the screen to know where to tap.
  • Screenshot after actions to confirm they worked.
  • Use shell commands for things that don't need the screen (checking battery, listing packages, getting device info).
  • Swipe duration defaults to 300ms. Increase duration_ms for slower, more deliberate swipes.
  • Connect before acting. Tools like press_button, send_text, send_touch, swipe require an active connection via another_connect_device.
  • list_devices, shell, take_screenshot, wifi_ tools* work without a scrcpy connection, they only need adb.

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…