← Back to Skills Marketplace
phonebase
by
phonebase-cloud
· GitHub ↗
· v1.0.0
· MIT-0
63
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install phonebase
Description
Control Android cloud phones via the `pb` CLI. Make sure to use this skill whenever the user mentions logging into apps, installing apps, browsing on a phone...
Usage Guidance
This skill appears coherent with its stated goal, but keep these practical points in mind before using it: 1) pb and the cloud-phone service can access and display sensitive data (screenshots, app UIs, files). Do not ask the agent to operate on highly sensitive accounts or private data without explicit user consent. 2) The SKILL.md asks you to authenticate yourself via pb login in your browser — never paste credentials into the chat or skill. 3) Because the skill recommends using pb instead of desktop tools, ensure that using a third-party cloud phone is appropriate for the task (some sites treat logins from cloud phones differently or flag them). 4) Verify the pb CLI you install is the official package (check package source, maintainers, and homepage) before running npm install -g. 5) If you need the agent to perform particularly sensitive actions (banking, password resets, access to private files), prefer to run pb commands yourself or review each command the agent proposes before execution. If you want more assurance, ask for the pb CLI project homepage or documentation so you can audit the client/service before use.
Capability Analysis
Type: OpenClaw Skill
Name: phonebase
Version: 1.0.0
The phonebase skill bundle provides an interface for controlling Android cloud phones via the `pb` CLI, including high-risk capabilities such as raw shell execution (`pb shell`), file synchronization (`pb push`/`pb pull`), and application management (`pb install`). While these features are aligned with the stated purpose of mobile automation and the `SKILL.md` file includes explicit security guidance for the agent (e.g., warning against prompt injection from remote screen content and advising against constructing shell commands from untrusted input), the broad access to device internals and local filesystem interaction meets the threshold for a suspicious classification.
Capability Assessment
Purpose & Capability
The name/description say it controls Android cloud phones via the pb CLI and the SKILL.md only references pb commands, device interaction, and UI observation. There are no unrelated environment variables, unrelated binaries, or install steps requested — the capability and requirements match.
Instruction Scope
Instructions are narrowly focused on pb usage (version check, connect, dumpc, screencap, tap/text/swipe, app management). The doc explicitly instructs the agent not to handle user credentials and to have the user run installation/authentication steps. It also warns about shell-injection risks when composing commands from untrusted input. Note: the skill expects the agent to read device UI and screenshots (which is necessary for the purpose) — this is expected but involves potentially sensitive data on the device.
Install Mechanism
This is an instruction-only skill with no install spec or code to write to disk. That is the lowest-risk install model and matches the skill's description. The SKILL.md asks the user to install pb themselves (npm install -g phonebase-cli) rather than running installs automatically.
Credentials
The skill declares no required environment variables or credentials; authentication is delegated to the user's browser flow via pb login. This is proportionate. Note that pb itself (and the cloud phone) may surface sensitive data (screenshots, UI trees, files) — that sensitivity is inherent to the feature, not to the skill requesting excessive environment access.
Persistence & Privilege
always is false and the skill does not request persistent system-wide configuration, nor does it attempt to modify other skills. Autonomous invocation is allowed (platform default) but that alone is not a coherence or privilege mismatch.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install phonebase - After installation, invoke the skill by name or use
/phonebase - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of phonebase skill — control Android cloud phones via the pb CLI.
- Enables remote management of Android devices through structured pb commands.
- Handles tasks like app installation, login, browsing, input, screenshots, and device management.
- Prioritizes alias commands for clarity and reliability over raw shell commands.
- Provides guidance on authentication, device connection, and safe command usage.
- Includes comprehensive command reference and examples for common Android operations.
- Strongly emphasizes security best practices and structured output over manual command construction.
Metadata
Frequently Asked Questions
What is phonebase?
Control Android cloud phones via the `pb` CLI. Make sure to use this skill whenever the user mentions logging into apps, installing apps, browsing on a phone... It is an AI Agent Skill for Claude Code / OpenClaw, with 63 downloads so far.
How do I install phonebase?
Run "/install phonebase" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is phonebase free?
Yes, phonebase is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does phonebase support?
phonebase is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created phonebase?
It is built and maintained by phonebase-cloud (@bittired); the current version is v1.0.0.
More Skills