← 返回 Skills 市场

ClawPaw Phone Control

Name: ClawPaw Phone Control
Author: wzliu888

作者 wzliu888 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

311

总下载

当前安装

版本数

在 OpenClaw 中安装

/install clawpaw-phone-control

功能描述

Guide users through ClawPaw Android setup — installing the APK, granting permissions, connecting SSH tunnel, and verifying the full LLM-to-phone control chai...

使用说明 (SKILL.md)

ClawPaw Setup Guide

Walk the user through the complete setup step by step. Check each step before proceeding to the next. Use the scripts in the scripts/ directory to automate checks.

Step 1 — Check Prerequisites

Run the adb check script:

bash .claude/skills/clawpaw-setup/scripts/check-adb.sh

If STATUS:NO_ADB: guide user to install adb, then re-run. If STATUS:NO_DEVICE: guide user to connect USB and enable USB Debugging. If STATUS:DEVICE_FOUND: proceed to Step 2.

Step 2 — Install APK

Ask the user if the ClawPaw app is already installed on the phone.

If not installed, build and install via adb:

# Build from source (requires Android Studio or Gradle)
cd android && ./gradlew assembleDebug
adb install -r app/build/outputs/apk/debug/app-debug.apk

Or guide the user to install manually from Android Studio (Run button).

After install, ask the user to:

Open the ClawPaw app
Tap Connect
Wait for Backend connection and SSH tunnel to show green dots

Step 3 — Grant Permissions (USB connected)

Run the permissions script:

bash .claude/skills/clawpaw-setup/scripts/grant-permissions.sh

This grants 3 permissions:

WRITE_SETTINGS — brightness control
WRITE_SECURE_SETTINGS — auto-enable accessibility service
adb tcpip 5555 — enable wireless ADB over SSH tunnel

Then ask the user to check the phone for any permission dialogs and tap Allow.

Step 4 — Verify SSH Tunnel

Ask the user to open the ClawPaw app and confirm both rows show a green dot:

Backend connection (WebSocket)
SSH tunnel (SSH reverse tunnel)

If SSH tunnel shows Disconnected or Error:

Tap the Retry button next to the SSH tunnel status
If still failing, restart the app

Step 5 — Connect ADB (first time or after Pod restart)

Get the user's UID and Secret from the ClawPaw app main screen, then run:

bash .claude/skills/clawpaw-setup/scripts/reconnect-adb.sh \x3Cuid> \x3Csecret>

If output shows failed to authenticate:

Tell user to look at the phone screen for an "Allow USB debugging?" dialog
Tap Always allow from this computer, then OK
Run the script again

If output shows already connected or connected to: proceed.

Step 6 — End-to-End Verification

Run these curl commands with the user's credentials to confirm the full chain works:

# 1. Press home button
curl -sk -X POST https://www.clawpaw.me/api/adb/press_key \
  -H "Content-Type: application/json" \
  -H "x-clawpaw-secret: \x3CSECRET>" \
  -d '{"uid":"\x3CUID>","key":"home"}'
# Expected: {"success":true,"data":""}

# 2. Take screenshot
curl -sk -X POST https://www.clawpaw.me/api/adb/screenshot \
  -H "Content-Type: application/json" \
  -H "x-clawpaw-secret: \x3CSECRET>" \
  -d '{"uid":"\x3CUID>"}' | python3 -c "
import sys,json,base64
d=json.load(sys.stdin)
if d.get('success') and d.get('data',{}).get('data'):
    open('/tmp/phone_screen.png','wb').write(base64.b64decode(d['data']['data']))
    print('Screenshot saved to /tmp/phone_screen.png')
else:
    print('FAILED:', d)
"

Read /tmp/phone_screen.png and show it to the user to confirm.

Step 7 — Configure MCP (optional)

To use ClawPaw tools directly in Claude Code (snapshot, tap, screenshot, etc.), add to ~/.claude.json:

"clawpaw": {
  "type": "stdio",
  "command": "node",
  "args": ["\x3Cpath-to-repo>/mcp/dist/index.js"],
  "env": {
    "CLAWPAW_BACKEND_URL": "https://www.clawpaw.me",
    "CLAWPAW_UID": "\x3CUID>",
    "CLAWPAW_SECRET": "\x3CSECRET>"
  }
}

Then restart Claude Code.

Troubleshooting

Error	Cause	Fix
`device offline`	ADB TCP mode not set	Re-run Step 3 with USB connected
`INJECT_EVENTS permission denied`	USB debugging (Security settings) not enabled	Settings → Developer Options → USB debugging (Security settings) → ON
`WRITE_SETTINGS not granted`	Step 3 was skipped	Run `grant-permissions.sh` with USB connected
`SSH: Disconnected`	MIUI killed the service	Settings → Battery → ClawPaw → No restrictions; lock app in recents
`failed to authenticate`	New adb server, phone needs to approve	Check phone for Allow USB debugging dialog
Screenshot is black	Screen is off	Press power key first, or `adb shell input keyevent KEYCODE_WAKEUP`

安全使用建议

This skill appears to implement what it claims (full remote control of an Android phone), but it exercises very powerful capabilities — notification access, accessibility, secure-settings, camera/audio, location, and the ability to execute commands via adb/SSH. Before installing or running any steps: 1) Verify the app and backend (https://www.clawpaw.me) are from a trusted, known vendor and ask for source/homepage/signing proof; 2) Do not blindly grant WRITE_SECURE_SETTINGS/WRITE_SETTINGS or accessibility/notification access unless you trust the app and understand the implications; 3) Avoid storing long-lived secrets unencrypted in ~/.claude.json — prefer ephemeral tokens or ensure the file is protected; 4) The included curl calls use -k (--insecure) which disables TLS certificate verification — remove -k or ensure proper certificate validation to avoid MITM risk; 5) Review the APK you install (and its signing) before installing; 6) If you’re uncomfortable with storing credentials or granting these permissions, do not proceed. If you want higher confidence, ask the publisher for a homepage, source repository, signed APK, and a privacy/security explanation for data handling and retention.

功能分析

Type: OpenClaw Skill Name: clawpaw-phone-control Version: 1.0.0 The bundle implements a remote Android control framework that establishes a persistent reverse SSH tunnel and enables wireless ADB (tcpip 5555) via the 'clawpaw-setup' skill and associated scripts. It grants high-risk permissions like WRITE_SECURE_SETTINGS and provides detailed instructions for an AI agent to interact with sensitive apps (WhatsApp, Instagram, Feishu) and exfiltrate data (notifications, photos, location). While these capabilities are aligned with the stated goal of 'LLM-to-phone control' and include user confirmation prompts, the architecture relies on a third-party backend (www.clawpaw.me) and creates a significant security risk by maintaining a remote access backdoor.

能力评估

✓ Purpose & Capability

Name/description (remote phone control via an app + adb/SSH tunnel) align with the included scripts and many use-case SKILL.md files. Requests to run adb, install an APK, grant WRITE_SETTINGS/WRITE_SECURE_SETTINGS, and exchange UID/SECRET with a backend are coherent for full device control.

ℹ Instruction Scope

Runtime instructions stay within phone-control scope (install APK, grant permissions, open SSH tunnel, use MCP tools, read notifications, take screenshots). However the skill instructs reading/writing local files (saving screenshot to /tmp) and instructs storing secrets in ~/.claude.json and using them in curl requests; those behaviors are sensitive but expected for this capability. Worth noting: many example use-cases require access to notifications, camera, microphone, location and ability to take actions on the phone — these are intrinsically high-privilege actions.

✓ Install Mechanism

This is instruction-first with small helper scripts in-repo (no external install/download of code by the skill itself). The ADBKeyboard instruction references a GitHub release URL (reasonable). No remote arbitrary binary download/install by the skill on the host machine is performed by the skill itself.

⚠ Credentials

The skill does not declare env vars but instructs the user to provide UID/SECRET from the phone and to add CLAWPAW_UID/CLAWPAW_SECRET to ~/.claude.json. Storing an unencrypted secret locally and passing it to https://www.clawpaw.me is sensitive. The scripts also request WRITE_SECURE_SETTINGS and notification/accessibility permissions — powerful capabilities that permit broad device control and data access. The use of these permissions is consistent with the stated functionality but is high-risk and should be confirmed by the user.

✓ Persistence & Privilege

always:false and disable-model-invocation:true reduce autonomous risk. The skill does instruct adding credentials to a local Claude config for optional MCP integration (explicit user action). The skill does not request forced global inclusion or modify other skills' configs.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install clawpaw-phone-control
安装完成后，直接呼叫该 Skill 的名称或使用 /clawpaw-phone-control 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release: step-by-step setup guide for connecting and controlling Android phones via ClawPaw. - Guides users through prerequisites, APK install, permissions, SSH tunnel, ADB, and end-to-end tests. - Includes troubleshooting tips for common setup errors. - Automates device and permission checks using included Bash scripts. - Supports MCP integration for advanced remote phone controls from Claude Code.

元数据

Slug clawpaw-phone-control

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题