← 返回 Skills 市场
nop3z

mobile-master

作者 Nop · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
101
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install mobile-master
功能描述
移动安全SKILL 协助逆向
安全使用建议
This skill appears to be a toolbox for Android reverse engineering (frida, adb, dexdump, apktool). Before installing: 1) Verify and trust the source (homepage unknown; README points to a GitHub repo). 2) Expect to need adb, frida (and frida-server on a rooted device), frida-dexdump and apktool installed on the host — the skill metadata does not declare these prerequisites. 3) Review the provided scripts (they run adb shell, su on the device, forward ports, and adb pull APKs) and only run them against devices you control and with consent. 4) If you plan to allow autonomous agent invocation, be aware the agent could run these scripts and interact with connected devices; restrict use to trusted agents/environments. 5) If you want to proceed, ask the publisher to update the metadata to declare required binaries and to provide a trusted homepage or signed release so you can verify integrity.
能力评估
Purpose & Capability
The skill claims to help Android reverse engineering and its included scripts (frida, adb, frida-dexdump, apktool, jadx references) are consistent with that purpose. However, registry metadata lists no required binaries or environment variables even though the scripts require adb, frida/frida-server, frida-dexdump, apktool and a host with adb access — the omission is an incoherence that could mislead users about what the skill actually needs.
Instruction Scope
SKILL.md is minimal but the included scripts (Start-frida-server.sh, Dexdump.sh, Extract-Installation-Package.sh, Spawn/Attach scripts, Extract-AndroidManifest.xml.sh, frida JS hooks) instruct actions that attach to or spawn processes on Android devices, forward ports, and pull APKs to the host. These actions are within the stated reversing purpose. There are no obvious instructions to read unrelated host secrets or to transmit data to external endpoints, but the scripts will run arbitrary adb/frida commands and pull APKs locally — which is powerful and can be misused if run on sensitive devices.
Install Mechanism
There is no install spec (instruction-only plus bundled scripts), so nothing is downloaded or executed at install time by the platform. The skill will execute local shell commands when invoked; this is lower installer risk but shifts risk to runtime execution.
Credentials
No environment variables or credentials are declared, which superficially looks safe. But scripts implicitly depend on host tools and paths (adb, frida, frida-dexdump, apktool, $HOME/.claude/skills path) and expect device root (Start-frida-server uses su on the device). The lack of declared required binaries is disproportionate to the skill's real needs and may hide operational prerequisites or accidental failures.
Persistence & Privilege
The skill is not always:true and does not request persistent system-wide privileges. It contains scripts that the agent can invoke (disable-model-invocation is false), so an agent could run these scripts if allowed — this is expected for skills that perform operations. There is no evidence the skill modifies other skills or system-wide agent config.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install mobile-master
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /mobile-master 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of mobile-master skill for Android reverse engineering and mobile security tasks. - Added tools and descriptions for dexdump, spawn/attach modes, Frida detection bypass, unpacking, jadx-gui, apktool, APK resigning, manifest extraction, protection detection, and install restriction bypass. - Provided support commands including starting Frida server, extracting APK, spawning/attaching apps, dumping Dex files, using jadx-gui, and extracting AndroidManifest.xml for permission review. - Documentation updated with command table and usage descriptions.
元数据
Slug mobile-master
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

mobile-master 是什么?

移动安全SKILL 协助逆向. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 101 次。

如何安装 mobile-master?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install mobile-master」即可一键安装,无需额外配置。

mobile-master 是免费的吗?

是的,mobile-master 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

mobile-master 支持哪些平台?

mobile-master 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 mobile-master?

由 Nop(@nop3z)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论