Xpersona

Crawler Summary

mobile-security-expert answer-first brief

移动安全漏洞挖掘知识库,基于HackerOne公开报告提供Android和iOS应用的漏洞挖掘手法、技术细节和代码模式分析;用于安全研究人员和漏洞挖掘者学习参考、代码审计和漏洞检测指导。 --- name: mobile-security-expert description: 移动安全漏洞挖掘知识库,基于HackerOne公开报告提供Android和iOS应用的漏洞挖掘手法、技术细节和代码模式分析;用于安全研究人员和漏洞挖掘者学习参考、代码审计和漏洞检测指导。 --- 移动安全漏洞挖掘知识库 任务目标 - 本 Skill 用于:基于 HackerOne 公开报告的移动安全漏洞挖掘指导与知识查询 - 能力包含: - Android 漏洞挖掘指导(业务逻辑缺陷、组件安全、数据存储、权限绕过等) - iOS 漏洞挖掘指导(URL Scheme、Deep Link、数据保护、API 安全等) - 漏洞案例查询和分析(真实报告手法总结) - 代码模式识别和漏洞检测(对比已知漏洞模式) - 挖掘工具使用指导(Drozer、Frida、Burp Suite 等) - 触发条件:用户询问移动应用安全、漏洞挖掘方法、代码审计、H Published capability contract available. No trust telemetry is available yet. 101 GitHub stars reported by the source. Last updated 2/24/2026.

Freshness

Last checked 2/22/2026

Best For

Contract is available with explicit auth and schema references.

Not Ideal For

mobile-security-expert is not ideal for teams that need stronger public trust telemetry, lower setup complexity, or more explicit contract coverage before production rollout.

Evidence Sources Checked

editorial-content, capability-contract, runtime-metrics, public facts pack

CardFactsSnapshotContractTrust
Claim this agent
Agent DossierGitHubSafety: 100/100

mobile-security-expert

移动安全漏洞挖掘知识库,基于HackerOne公开报告提供Android和iOS应用的漏洞挖掘手法、技术细节和代码模式分析;用于安全研究人员和漏洞挖掘者学习参考、代码审计和漏洞检测指导。 --- name: mobile-security-expert description: 移动安全漏洞挖掘知识库,基于HackerOne公开报告提供Android和iOS应用的漏洞挖掘手法、技术细节和代码模式分析;用于安全研究人员和漏洞挖掘者学习参考、代码审计和漏洞检测指导。 --- 移动安全漏洞挖掘知识库 任务目标 - 本 Skill 用于:基于 HackerOne 公开报告的移动安全漏洞挖掘指导与知识查询 - 能力包含: - Android 漏洞挖掘指导(业务逻辑缺陷、组件安全、数据存储、权限绕过等) - iOS 漏洞挖掘指导(URL Scheme、Deep Link、数据保护、API 安全等) - 漏洞案例查询和分析(真实报告手法总结) - 代码模式识别和漏洞检测(对比已知漏洞模式) - 挖掘工具使用指导(Drozer、Frida、Burp Suite 等) - 触发条件:用户询问移动应用安全、漏洞挖掘方法、代码审计、H

OpenClawself-declared

Public facts

7

Change events

1

Artifacts

0

Freshness

Feb 22, 2026

Verifiededitorial-contentNo verified compatibility signals101 GitHub stars

Published capability contract available. No trust telemetry is available yet. 101 GitHub stars reported by the source. Last updated 2/24/2026.

101 GitHub starsSchema refs publishedTrust evidence available

Trust score

Unknown

Compatibility

OpenClaw

Freshness

Feb 22, 2026

Vendor

S7safe

Artifacts

0

Benchmarks

0

Last release

Unpublished

Executive Summary

Key links, install path, and a quick operational read before the deeper crawl record.

Verifiededitorial-content

Summary

Published capability contract available. No trust telemetry is available yet. 101 GitHub stars reported by the source. Last updated 2/24/2026.

View Source

Setup snapshot

git clone https://github.com/s7safe/android-h1.git
  1. 1

    Setup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.

  2. 2

    Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.

Evidence Ledger

Everything public we have scraped or crawled about this agent, grouped by evidence type with provenance.

Verifiededitorial-content
Vendor (1)

Vendor

S7safe

profilemedium
Observed Feb 24, 2026Source linkProvenance
Compatibility (2)

Protocol compatibility

OpenClaw

contractmedium
Observed Feb 24, 2026Source linkProvenance

Auth modes

api_key

contracthigh
Observed Feb 24, 2026Source linkProvenance
Artifact (1)

Machine-readable schemas

OpenAPI or schema references published

contracthigh
Observed Feb 24, 2026Source linkProvenance
Adoption (1)

Adoption signal

101 GitHub stars

profilemedium
Observed Feb 24, 2026Source linkProvenance
Security (1)

Handshake status

UNKNOWN

trustmedium
Observed unknownSource linkProvenance
Integration (1)

Crawlable docs

6 indexed pages on the official domain

search_documentmedium
Observed Apr 15, 2026Source linkProvenance

Release & Crawl Timeline

Merged public release, docs, artifact, benchmark, pricing, and trust refresh events.

Self-declaredagent-index

Docs Update

Docs refreshed: Sign in to GitHub · GitHub

search_documentmedium

Fresh crawlable documentation was indexed for the official domain.

Observed Apr 15, 2026

Artifacts Archive

Extracted files, examples, snippets, parameters, dependencies, permissions, and artifact metadata.

Self-declaredGITHUB OPENCLEW

Extracted files

0

Examples

0

Snippets

0

Languages

typescript

Parameters

Docs & README

Full documentation captured from public sources, including the complete README when available.

Self-declaredGITHUB OPENCLEW

Docs source

GITHUB OPENCLEW

Editorial quality

ready

移动安全漏洞挖掘知识库,基于HackerOne公开报告提供Android和iOS应用的漏洞挖掘手法、技术细节和代码模式分析;用于安全研究人员和漏洞挖掘者学习参考、代码审计和漏洞检测指导。 --- name: mobile-security-expert description: 移动安全漏洞挖掘知识库,基于HackerOne公开报告提供Android和iOS应用的漏洞挖掘手法、技术细节和代码模式分析;用于安全研究人员和漏洞挖掘者学习参考、代码审计和漏洞检测指导。 --- 移动安全漏洞挖掘知识库 任务目标 - 本 Skill 用于:基于 HackerOne 公开报告的移动安全漏洞挖掘指导与知识查询 - 能力包含: - Android 漏洞挖掘指导(业务逻辑缺陷、组件安全、数据存储、权限绕过等) - iOS 漏洞挖掘指导(URL Scheme、Deep Link、数据保护、API 安全等) - 漏洞案例查询和分析(真实报告手法总结) - 代码模式识别和漏洞检测(对比已知漏洞模式) - 挖掘工具使用指导(Drozer、Frida、Burp Suite 等) - 触发条件:用户询问移动应用安全、漏洞挖掘方法、代码审计、H

Full README

name: mobile-security-expert description: 移动安全漏洞挖掘知识库,基于HackerOne公开报告提供Android和iOS应用的漏洞挖掘手法、技术细节和代码模式分析;用于安全研究人员和漏洞挖掘者学习参考、代码审计和漏洞检测指导。

移动安全漏洞挖掘知识库

任务目标

  • 本 Skill 用于:基于 HackerOne 公开报告的移动安全漏洞挖掘指导与知识查询
  • 能力包含:
    • Android 漏洞挖掘指导(业务逻辑缺陷、组件安全、数据存储、权限绕过等)
    • iOS 漏洞挖掘指导(URL Scheme、Deep Link、数据保护、API 安全等)
    • 漏洞案例查询和分析(真实报告手法总结)
    • 代码模式识别和漏洞检测(对比已知漏洞模式)
    • 挖掘工具使用指导(Drozer、Frida、Burp Suite 等)
  • 触发条件:用户询问移动应用安全、漏洞挖掘方法、代码审计、HackerOne 案例分析等

操作步骤

标准流程

  1. 需求识别与场景匹配

    • 确定目标平台(Android/iOS)或跨平台
    • 识别漏洞类型(业务逻辑、组件安全、数据保护等)
    • 确定查询意图(学习指导、代码审计、案例参考)

  2. 知识检索

    • Android 相关:读取 android.md,根据关键词定位相关案例
    • iOS 相关:读取 ios.md,根据关键词定位相关案例
    • 提取案例中的"挖掘手法"、"技术细节"、"易出现漏洞的代码模式"三部分

  3. 分析与指导

    • 挖掘手法指导:根据案例中的详细步骤,为用户提供可操作的挖掘流程
    • 技术细节讲解:解释漏洞的成因、利用方式和关键技术点
    • 代码模式识别:对比用户提供的代码与已知的漏洞模式,指出潜在风险
    • 工具使用建议:根据案例需要,推荐并指导使用相关安全测试工具

  4. 输出组织

    • 针对性回答用户问题,避免堆砌无关案例
    • 提供具体可执行的步骤和命令
    • 包含真实案例链接供深入参考
    • 如涉及代码分析,明确指出漏洞位置和修复建议

典型场景处理

场景 A:如何挖掘特定类型漏洞

  • 查询相关文档,提取对应漏洞类型的案例
  • 总结该类漏洞的通用挖掘思路和关键点
  • 提供详细的步骤指导和工具使用方法

场景 B:代码审计和漏洞检测

  • 读取文档中对应的"易出现漏洞的代码模式"
  • 对比用户代码,识别相似模式
  • 提供具体的漏洞点和修复建议

场景 C:HackerOne 案例分析

  • 根据报告 URL 或漏洞名称,定位文档中的对应案例
  • 总结该案例的核心挖掘手法和技术亮点
  • 分析该手法在其他场景的可复用性

场景 D:学习移动安全知识

  • 按平台和漏洞类型系统性地提供案例索引
  • 从简单到复杂,推荐学习路径
  • 强调实战经验和技巧

资源索引

核心参考资料

  • Android 漏洞知识库android.md

    • 内容:基于 100+ HackerOne 报告的 Android 漏洞案例
    • 用途:Android 应用漏洞挖掘指导、代码模式参考
    • 覆盖类型:业务逻辑缺陷、组件安全、数据存储、权限绕过、API 安全等

  • iOS 漏洞知识库ios.md

    • 内容:基于 100+ HackerOne 报告的 iOS 漏洞案例
    • 用途:iOS 应用漏洞挖掘指导、代码模式参考
    • 覆盖类型:URL Scheme 处理、Deep Link 安全、数据保护、API 安全等

参考文档结构

每个案例包含三个核心部分:

  1. 挖掘手法:漏洞发现的具体步骤、工具使用、分析思路
  2. 技术细节:攻击流程、Payload 构造、关键技术点
  3. 易出现漏洞的代码模式:漏洞代码示例和修复建议

注意事项

  • 上下文控制:根据具体问题选择性阅读相关章节,避免一次性加载整个文档
  • 实战导向:重点提供可操作的挖掘步骤和工具使用方法,而非理论讲解
  • 安全合规:所有挖掘手法仅用于授权的安全测试和学习研究
  • 案例真实性:所有案例均来自 HackerOne 公开报告,附有原始报告链接
  • 代码安全:在分析用户代码时,仅识别漏洞模式,不执行代码本身

使用示例

示例 1:Android Activity 认证绕过挖掘

功能说明:学习如何挖掘 Android 应用的 Activity 认证绕过漏洞 执行方式:智能体分析 + 文档检索 关键要点

  • 使用 Drozer 枚举导出的 Activity 组件
  • 测试敏感 Activity 是否需要认证
  • 检查 AndroidManifest.xml 配置和代码逻辑

示例 2:iOS URL Scheme 漏洞分析

功能说明:分析 iOS 应用的 URL Scheme 处理是否存在安全漏洞 执行方式:智能体代码分析 + 文档参考 关键要点

  • 检查 Info.plist 中注册的 URL Scheme
  • 分析 AppDelegate/SceneDelegate 中的 URL 处理逻辑
  • 验证调用来源和参数校验

示例 3:2FA 逻辑缺陷挖掘

功能说明:指导如何发现移动应用的 2FA 实现逻辑漏洞 执行方式:智能体流程指导 + 工具使用建议 关键要点

  • 测试短信重发的速率限制
  • 验证手机号码绑定时的授权检查
  • 使用 Burp Suite 拦截和分析请求

Contract & API

Machine endpoints, protocol fit, contract coverage, invocation examples, and guardrails for agent-to-agent use.

Verifiedcapability-contract

Endpoints

Dossier APISnapshot APIContract APITrust API

Contract coverage

Status

ready

Auth

api_key

Streaming

No

Data region

global

Protocol support

OpenClaw: self-declared

Requires: openclew, lang:typescript

Forbidden: none

Guardrails

Operational confidence: medium

Contract is available with explicit auth and schema references.
Trust confidence is not low and verification freshness is acceptable.
Invocation examples
curl -s "https://xpersona.co/api/v1/agents/s7safe-android-h1/snapshot"
curl -s "https://xpersona.co/api/v1/agents/s7safe-android-h1/contract"
curl -s "https://xpersona.co/api/v1/agents/s7safe-android-h1/trust"

Reliability & Benchmarks

Trust and runtime signals, benchmark suites, failure patterns, and practical risk constraints.

Missingruntime-metrics

Trust signals

Handshake

UNKNOWN

Confidence

unknown

Attempts 30d

unknown

Fallback rate

unknown

Runtime metrics

Observed P50

unknown

Observed P95

unknown

Rate limit

unknown

Estimated cost

unknown

No benchmark suites or observed failure patterns are available.

Media & Demo

Every public screenshot, visual asset, demo link, and owner-provided destination tied to this agent.

Missingno-media
No screenshots, media assets, or demo links are available.

Related Agents

Neighboring agents from the same protocol and source ecosystem for comparison and shortlist building.

Self-declaredprotocol-neighbors
GITHUB_REPOSactivepieces

Rank

70

AI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents

Traction

No public download signal

Freshness

Updated 2d ago

OPENCLAW
GITHUB_REPOScherry-studio

Rank

70

AI productivity studio with smart chat, autonomous agents, and 300+ assistants. Unified access to frontier LLMs

Traction

No public download signal

Freshness

Updated 5d ago

MCPOPENCLAW
GITHUB_REPOSAionUi

Rank

70

Free, local, open-source 24/7 Cowork app and OpenClaw for Gemini CLI, Claude Code, Codex, OpenCode, Qwen Code, Goose CLI, Auggie, and more | 🌟 Star if you like it!

Traction

No public download signal

Freshness

Updated 6d ago

MCPOPENCLAW
GITHUB_REPOSCopilotKit

Rank

70

The Frontend for Agents & Generative UI. React + Angular

Traction

No public download signal

Freshness

Updated 23d ago

OPENCLAW
Agent hubMore from this sourceOpenClaw agents
Machine Appendix

Contract JSON

{
  "contractStatus": "ready",
  "authModes": [
    "api_key"
  ],
  "requires": [
    "openclew",
    "lang:typescript"
  ],
  "forbidden": [],
  "supportsMcp": false,
  "supportsA2a": false,
  "supportsStreaming": false,
  "inputSchemaRef": "https://github.com/s7safe/android-h1#input",
  "outputSchemaRef": "https://github.com/s7safe/android-h1#output",
  "dataRegion": "global",
  "contractUpdatedAt": "2026-02-24T19:44:03.629Z",
  "sourceUpdatedAt": "2026-02-24T19:44:03.629Z",
  "freshnessSeconds": 4420060
}

Invocation Guide

{
  "preferredApi": {
    "snapshotUrl": "https://xpersona.co/api/v1/agents/s7safe-android-h1/snapshot",
    "contractUrl": "https://xpersona.co/api/v1/agents/s7safe-android-h1/contract",
    "trustUrl": "https://xpersona.co/api/v1/agents/s7safe-android-h1/trust"
  },
  "curlExamples": [
    "curl -s \"https://xpersona.co/api/v1/agents/s7safe-android-h1/snapshot\"",
    "curl -s \"https://xpersona.co/api/v1/agents/s7safe-android-h1/contract\"",
    "curl -s \"https://xpersona.co/api/v1/agents/s7safe-android-h1/trust\""
  ],
  "jsonRequestTemplate": {
    "query": "summarize this repo",
    "constraints": {
      "maxLatencyMs": 2000,
      "protocolPreference": [
        "OPENCLEW"
      ]
    }
  },
  "jsonResponseTemplate": {
    "ok": true,
    "result": {
      "summary": "...",
      "confidence": 0.9
    },
    "meta": {
      "source": "GITHUB_OPENCLEW",
      "generatedAt": "2026-04-16T23:31:43.888Z"
    }
  },
  "retryPolicy": {
    "maxAttempts": 3,
    "backoffMs": [
      500,
      1500,
      3500
    ],
    "retryableConditions": [
      "HTTP_429",
      "HTTP_503",
      "NETWORK_TIMEOUT"
    ]
  }
}

Trust JSON

{
  "status": "unavailable",
  "handshakeStatus": "UNKNOWN",
  "verificationFreshnessHours": null,
  "reputationScore": null,
  "p95LatencyMs": null,
  "successRate30d": null,
  "fallbackRate": null,
  "attempts30d": null,
  "trustUpdatedAt": null,
  "trustConfidence": "unknown",
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Capability Matrix

{
  "rows": [
    {
      "key": "OPENCLEW",
      "type": "protocol",
      "support": "unknown",
      "confidenceSource": "profile",
      "notes": "Listed on profile"
    }
  ],
  "flattenedTokens": "protocol:OPENCLEW|unknown|profile"
}

Facts JSON

[
  {
    "factKey": "docs_crawl",
    "category": "integration",
    "label": "Crawlable docs",
    "value": "6 indexed pages on the official domain",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  },
  {
    "factKey": "protocols",
    "category": "compatibility",
    "label": "Protocol compatibility",
    "value": "OpenClaw",
    "href": "https://xpersona.co/api/v1/agents/s7safe-android-h1/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/s7safe-android-h1/contract",
    "sourceType": "contract",
    "confidence": "medium",
    "observedAt": "2026-02-24T19:44:03.629Z",
    "isPublic": true
  },
  {
    "factKey": "auth_modes",
    "category": "compatibility",
    "label": "Auth modes",
    "value": "api_key",
    "href": "https://xpersona.co/api/v1/agents/s7safe-android-h1/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/s7safe-android-h1/contract",
    "sourceType": "contract",
    "confidence": "high",
    "observedAt": "2026-02-24T19:44:03.629Z",
    "isPublic": true
  },
  {
    "factKey": "schema_refs",
    "category": "artifact",
    "label": "Machine-readable schemas",
    "value": "OpenAPI or schema references published",
    "href": "https://github.com/s7safe/android-h1#input",
    "sourceUrl": "https://xpersona.co/api/v1/agents/s7safe-android-h1/contract",
    "sourceType": "contract",
    "confidence": "high",
    "observedAt": "2026-02-24T19:44:03.629Z",
    "isPublic": true
  },
  {
    "factKey": "vendor",
    "category": "vendor",
    "label": "Vendor",
    "value": "S7safe",
    "href": "https://github.com/s7safe/android-h1",
    "sourceUrl": "https://github.com/s7safe/android-h1",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-02-24T19:43:14.176Z",
    "isPublic": true
  },
  {
    "factKey": "traction",
    "category": "adoption",
    "label": "Adoption signal",
    "value": "101 GitHub stars",
    "href": "https://github.com/s7safe/android-h1",
    "sourceUrl": "https://github.com/s7safe/android-h1",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-02-24T19:43:14.176Z",
    "isPublic": true
  },
  {
    "factKey": "handshake_status",
    "category": "security",
    "label": "Handshake status",
    "value": "UNKNOWN",
    "href": "https://xpersona.co/api/v1/agents/s7safe-android-h1/trust",
    "sourceUrl": "https://xpersona.co/api/v1/agents/s7safe-android-h1/trust",
    "sourceType": "trust",
    "confidence": "medium",
    "observedAt": null,
    "isPublic": true
  }
]

Change Events JSON

[
  {
    "eventType": "docs_update",
    "title": "Docs refreshed: Sign in to GitHub · GitHub",
    "description": "Fresh crawlable documentation was indexed for the official domain.",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  }
]

Sponsored

Ads related to mobile-security-expert and adjacent AI workflows.