← Back to Skills Marketplace
101
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install mobile-master
Description
移动安全SKILL 协助逆向
Usage Guidance
This skill appears to be a toolbox for Android reverse engineering (frida, adb, dexdump, apktool). Before installing: 1) Verify and trust the source (homepage unknown; README points to a GitHub repo). 2) Expect to need adb, frida (and frida-server on a rooted device), frida-dexdump and apktool installed on the host — the skill metadata does not declare these prerequisites. 3) Review the provided scripts (they run adb shell, su on the device, forward ports, and adb pull APKs) and only run them against devices you control and with consent. 4) If you plan to allow autonomous agent invocation, be aware the agent could run these scripts and interact with connected devices; restrict use to trusted agents/environments. 5) If you want to proceed, ask the publisher to update the metadata to declare required binaries and to provide a trusted homepage or signed release so you can verify integrity.
Capability Assessment
Purpose & Capability
The skill claims to help Android reverse engineering and its included scripts (frida, adb, frida-dexdump, apktool, jadx references) are consistent with that purpose. However, registry metadata lists no required binaries or environment variables even though the scripts require adb, frida/frida-server, frida-dexdump, apktool and a host with adb access — the omission is an incoherence that could mislead users about what the skill actually needs.
Instruction Scope
SKILL.md is minimal but the included scripts (Start-frida-server.sh, Dexdump.sh, Extract-Installation-Package.sh, Spawn/Attach scripts, Extract-AndroidManifest.xml.sh, frida JS hooks) instruct actions that attach to or spawn processes on Android devices, forward ports, and pull APKs to the host. These actions are within the stated reversing purpose. There are no obvious instructions to read unrelated host secrets or to transmit data to external endpoints, but the scripts will run arbitrary adb/frida commands and pull APKs locally — which is powerful and can be misused if run on sensitive devices.
Install Mechanism
There is no install spec (instruction-only plus bundled scripts), so nothing is downloaded or executed at install time by the platform. The skill will execute local shell commands when invoked; this is lower installer risk but shifts risk to runtime execution.
Credentials
No environment variables or credentials are declared, which superficially looks safe. But scripts implicitly depend on host tools and paths (adb, frida, frida-dexdump, apktool, $HOME/.claude/skills path) and expect device root (Start-frida-server uses su on the device). The lack of declared required binaries is disproportionate to the skill's real needs and may hide operational prerequisites or accidental failures.
Persistence & Privilege
The skill is not always:true and does not request persistent system-wide privileges. It contains scripts that the agent can invoke (disable-model-invocation is false), so an agent could run these scripts if allowed — this is expected for skills that perform operations. There is no evidence the skill modifies other skills or system-wide agent config.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install mobile-master - After installation, invoke the skill by name or use
/mobile-master - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of mobile-master skill for Android reverse engineering and mobile security tasks.
- Added tools and descriptions for dexdump, spawn/attach modes, Frida detection bypass, unpacking, jadx-gui, apktool, APK resigning, manifest extraction, protection detection, and install restriction bypass.
- Provided support commands including starting Frida server, extracting APK, spawning/attaching apps, dumping Dex files, using jadx-gui, and extracting AndroidManifest.xml for permission review.
- Documentation updated with command table and usage descriptions.
Metadata
Frequently Asked Questions
What is mobile-master?
移动安全SKILL 协助逆向. It is an AI Agent Skill for Claude Code / OpenClaw, with 101 downloads so far.
How do I install mobile-master?
Run "/install mobile-master" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is mobile-master free?
Yes, mobile-master is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does mobile-master support?
mobile-master is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created mobile-master?
It is built and maintained by Nop (@nop3z); the current version is v1.0.0.
More Skills