[caihongxu]

Good question. I think of it as scope control + action control.

Scope control: in Palmier, you explicitly enable/disable phone capability groups in the UI. Some are bundled according to Android’s permission model. So an agent only gets access to the categories you’ve chosen to expose.

Action control: for agent CLIs that already support tool-level permission checks, Palmier piggybacks on that. So even if, say, email/calendar access is enabled in Palmier, the actual tool use can still be approved per action by the agent runtime.

So Palmier is one layer of defense, and the agent’s own tool approval model is the second.

That means the safety story is much better for agents with good per-tool approval UX (like Claude Code), and weaker for agents that don’t have it (like OpenClaw). For those, the Palmier toggles are the main gate, so users need to be much more careful about what they enable.

Any thoughts/suggestions?