Description

Guide users through ClawPaw Android setup — installing the APK, granting permissions, connecting SSH tunnel, and verifying the full LLM-to-phone control chai...

README (SKILL.md)

ClawPaw Setup Guide

Name: ClawPaw Phone Control
Author: wzliu888

Walk the user through the complete setup step by step. Check each step before proceeding to the next. Use the scripts in the scripts/ directory to automate checks.

Step 1 — Check Prerequisites

Run the adb check script:

bash .claude/skills/clawpaw-setup/scripts/check-adb.sh

If STATUS:NO_ADB: guide user to install adb, then re-run. If STATUS:NO_DEVICE: guide user to connect USB and enable USB Debugging. If STATUS:DEVICE_FOUND: proceed to Step 2.

Step 2 — Install APK

Ask the user if the ClawPaw app is already installed on the phone.

If not installed, build and install via adb:

# Build from source (requires Android Studio or Gradle)
cd android && ./gradlew assembleDebug
adb install -r app/build/outputs/apk/debug/app-debug.apk

Or guide the user to install manually from Android Studio (Run button).

After install, ask the user to:

Open the ClawPaw app
Tap Connect
Wait for Backend connection and SSH tunnel to show green dots

Step 3 — Grant Permissions (USB connected)

Run the permissions script:

bash .claude/skills/clawpaw-setup/scripts/grant-permissions.sh

This grants 3 permissions:

WRITE_SETTINGS — brightness control
WRITE_SECURE_SETTINGS — auto-enable accessibility service
adb tcpip 5555 — enable wireless ADB over SSH tunnel

Then ask the user to check the phone for any permission dialogs and tap Allow.

Step 4 — Verify SSH Tunnel

Ask the user to open the ClawPaw app and confirm both rows show a green dot:

Backend connection (WebSocket)
SSH tunnel (SSH reverse tunnel)

If SSH tunnel shows Disconnected or Error:

Tap the Retry button next to the SSH tunnel status
If still failing, restart the app

Step 5 — Connect ADB (first time or after Pod restart)

Get the user's UID and Secret from the ClawPaw app main screen, then run:

bash .claude/skills/clawpaw-setup/scripts/reconnect-adb.sh \x3Cuid> \x3Csecret>

If output shows failed to authenticate:

Tell user to look at the phone screen for an "Allow USB debugging?" dialog
Tap Always allow from this computer, then OK
Run the script again

If output shows already connected or connected to: proceed.

Step 6 — End-to-End Verification

Run these curl commands with the user's credentials to confirm the full chain works:

# 1. Press home button
curl -sk -X POST https://www.clawpaw.me/api/adb/press_key \
  -H "Content-Type: application/json" \
  -H "x-clawpaw-secret: \x3CSECRET>" \
  -d '{"uid":"\x3CUID>","key":"home"}'
# Expected: {"success":true,"data":""}

# 2. Take screenshot
curl -sk -X POST https://www.clawpaw.me/api/adb/screenshot \
  -H "Content-Type: application/json" \
  -H "x-clawpaw-secret: \x3CSECRET>" \
  -d '{"uid":"\x3CUID>"}' | python3 -c "
import sys,json,base64
d=json.load(sys.stdin)
if d.get('success') and d.get('data',{}).get('data'):
    open('/tmp/phone_screen.png','wb').write(base64.b64decode(d['data']['data']))
    print('Screenshot saved to /tmp/phone_screen.png')
else:
    print('FAILED:', d)
"

Read /tmp/phone_screen.png and show it to the user to confirm.

Step 7 — Configure MCP (optional)

To use ClawPaw tools directly in Claude Code (snapshot, tap, screenshot, etc.), add to ~/.claude.json:

"clawpaw": {
  "type": "stdio",
  "command": "node",
  "args": ["\x3Cpath-to-repo>/mcp/dist/index.js"],
  "env": {
    "CLAWPAW_BACKEND_URL": "https://www.clawpaw.me",
    "CLAWPAW_UID": "\x3CUID>",
    "CLAWPAW_SECRET": "\x3CSECRET>"
  }
}

Then restart Claude Code.

Troubleshooting

Error	Cause	Fix
`device offline`	ADB TCP mode not set	Re-run Step 3 with USB connected
`INJECT_EVENTS permission denied`	USB debugging (Security settings) not enabled	Settings → Developer Options → USB debugging (Security settings) → ON
`WRITE_SETTINGS not granted`	Step 3 was skipped	Run `grant-permissions.sh` with USB connected
`SSH: Disconnected`	MIUI killed the service	Settings → Battery → ClawPaw → No restrictions; lock app in recents
`failed to authenticate`	New adb server, phone needs to approve	Check phone for Allow USB debugging dialog
Screenshot is black	Screen is off	Press power key first, or `adb shell input keyevent KEYCODE_WAKEUP`

Usage Guidance

This skill appears to implement what it claims (full remote control of an Android phone), but it exercises very powerful capabilities — notification access, accessibility, secure-settings, camera/audio, location, and the ability to execute commands via adb/SSH. Before installing or running any steps: 1) Verify the app and backend (https://www.clawpaw.me) are from a trusted, known vendor and ask for source/homepage/signing proof; 2) Do not blindly grant WRITE_SECURE_SETTINGS/WRITE_SETTINGS or accessibility/notification access unless you trust the app and understand the implications; 3) Avoid storing long-lived secrets unencrypted in ~/.claude.json — prefer ephemeral tokens or ensure the file is protected; 4) The included curl calls use -k (--insecure) which disables TLS certificate verification — remove -k or ensure proper certificate validation to avoid MITM risk; 5) Review the APK you install (and its signing) before installing; 6) If you’re uncomfortable with storing credentials or granting these permissions, do not proceed. If you want higher confidence, ask the publisher for a homepage, source repository, signed APK, and a privacy/security explanation for data handling and retention.

Capability Analysis

Type: OpenClaw Skill Name: clawpaw-phone-control Version: 1.0.0 The bundle implements a remote Android control framework that establishes a persistent reverse SSH tunnel and enables wireless ADB (tcpip 5555) via the 'clawpaw-setup' skill and associated scripts. It grants high-risk permissions like WRITE_SECURE_SETTINGS and provides detailed instructions for an AI agent to interact with sensitive apps (WhatsApp, Instagram, Feishu) and exfiltrate data (notifications, photos, location). While these capabilities are aligned with the stated goal of 'LLM-to-phone control' and include user confirmation prompts, the architecture relies on a third-party backend (www.clawpaw.me) and creates a significant security risk by maintaining a remote access backdoor.

Capability Assessment

✓ Purpose & Capability

Name/description (remote phone control via an app + adb/SSH tunnel) align with the included scripts and many use-case SKILL.md files. Requests to run adb, install an APK, grant WRITE_SETTINGS/WRITE_SECURE_SETTINGS, and exchange UID/SECRET with a backend are coherent for full device control.

ℹ Instruction Scope

Runtime instructions stay within phone-control scope (install APK, grant permissions, open SSH tunnel, use MCP tools, read notifications, take screenshots). However the skill instructs reading/writing local files (saving screenshot to /tmp) and instructs storing secrets in ~/.claude.json and using them in curl requests; those behaviors are sensitive but expected for this capability. Worth noting: many example use-cases require access to notifications, camera, microphone, location and ability to take actions on the phone — these are intrinsically high-privilege actions.

✓ Install Mechanism

This is instruction-first with small helper scripts in-repo (no external install/download of code by the skill itself). The ADBKeyboard instruction references a GitHub release URL (reasonable). No remote arbitrary binary download/install by the skill on the host machine is performed by the skill itself.

⚠ Credentials

The skill does not declare env vars but instructs the user to provide UID/SECRET from the phone and to add CLAWPAW_UID/CLAWPAW_SECRET to ~/.claude.json. Storing an unencrypted secret locally and passing it to https://www.clawpaw.me is sensitive. The scripts also request WRITE_SECURE_SETTINGS and notification/accessibility permissions — powerful capabilities that permit broad device control and data access. The use of these permissions is consistent with the stated functionality but is high-risk and should be confirmed by the user.

✓ Persistence & Privilege

always:false and disable-model-invocation:true reduce autonomous risk. The skill does instruct adding credentials to a local Claude config for optional MCP integration (explicit user action). The skill does not request forced global inclusion or modify other skills' configs.

Version History

v1.0.0

Initial release: step-by-step setup guide for connecting and controlling Android phones via ClawPaw. - Guides users through prerequisites, APK install, permissions, SSH tunnel, ADB, and end-to-end tests. - Includes troubleshooting tips for common setup errors. - Automates device and permission checks using included Bash scripts. - Supports MCP integration for advanced remote phone controls from Claude Code.

Metadata

Slug clawpaw-phone-control

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is ClawPaw Phone Control?

Guide users through ClawPaw Android setup — installing the APK, granting permissions, connecting SSH tunnel, and verifying the full LLM-to-phone control chai... It is an AI Agent Skill for Claude Code / OpenClaw, with 311 downloads so far.

How do I install ClawPaw Phone Control?

Run "/install clawpaw-phone-control" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ClawPaw Phone Control free?

Yes, ClawPaw Phone Control is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ClawPaw Phone Control support?

ClawPaw Phone Control is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created ClawPaw Phone Control?

It is built and maintained by wzliu888 (@wzliu888); the current version is v1.0.0.

More Skills

ClawPaw Phone Control