📦 android build tool — 安卓SDK下载配置
v0.0.2一键下载并配置Android SDK,支持Windows/macOS,自动处理版本与依赖,让移动项目快速就绪。
0· 342·0 当前·0 累计
by 下载技能包
最后更新
2026/4/22
安全扫描
OpenClaw
可疑
high confidenceThe skill is coherent with an Android SDK helper (it downloads and runs a helper binary), but it downloads and executes an unsigned remote binary at runtime with no integrity checks — a risky design decision you should review before installing.
评估建议
This skill works by downloading and executing a helper binary (pi.exe/pi) from a GitHub Releases URL at runtime. That makes its behavior dependent on whatever code is in that remote binary — which is not included or verified. Before installing or running it: 1) Review the upstream release page and vendor identity (who controls noah-smith-max/pi_public) and confirm you trust that source. 2) Ask the skill author for checksums/signatures or for the helper's source code so you can verify what will r...详细分析 ▾
ℹ 用途与能力
The name/description (Android SDK management) match the included Python wrapper which downloads and runs a helper 'pi' binary to perform tasks. Requesting a helper executable is plausible for this purpose, so the overall capability aligns with the stated purpose.
⚠ 指令范围
The runtime instructions (run pi_claw.py) cause the skill to download an external binary and execute it. While this is related to the stated task, the instructions grant the skill authority to fetch and run arbitrary remote code (the contents of the 'pi' binary are not included), which expands scope beyond what a pure instruction-only skill typically does.
⚠ 安装机制
The Python script downloads an executable from GitHub Releases and executes it. Although GitHub releases is a known host, there is no checksum/signature verification, no pinned release artifact, and the binary is executed immediately. Download+extract/execute of remote binaries without integrity checks is a high-risk install pattern.
✓ 凭证需求
The skill declares no required environment variables, credentials, or config paths and the code does not read any secrets. The requested environment access is minimal and proportionate to the task as described.
ℹ 持久化与权限
The script writes the downloaded 'pi' binary into the same directory as pi_claw.py and executes it. This is a local write and not a platform-wide persistence request (always:false). Still, writing and running an executable on disk increases attack surface and should be considered before use.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.0.22026/3/4
support flutter-android, mac and windows.
● 可疑
安装命令
点击复制官方npx clawhub@latest install android-build
镜像加速npx clawhub@latest install android-build --registry https://cn.longxiaskill.com