Script Kitty has actually been around for a while, but after receiving its 2.0 update last week, it's now a serious contender for one of those must-have apps (at least for anyone with an ssh-enabled server). I downloaded and set it up in a matter of a few minutes (including generating an RSA key for key-based auth and adding said key to a few Linux servers), and now have a stupid easy way of doing certain things very quickly without having to even resort to ConnectBot.


What is Script Kitty?

Here's the gist: if you have repetitive tasks, such as checking available disk space or quickly restarting apache on all your servers, Script Kitty is the app for the job. You first set up your hosts with a choice of password or key-based authentication, set up some shell scripts (which you can export and import), and then execute them across the servers you set up with a flick of a finger.

Script Kitty was developed by Mobilwerx, the guys behind SAWS | The Puridium War and Petri.

An obligatory warning for the rightfully paranoid:
  • If you generate a key (you can't import one yet), it will get created without a password, which makes it inherently less secure. So next time I see an argument against caring about the importance of securing your Android device ("oh noes, someone will steal your Angry Birdz scores"), I will point them to this article.
  • If you use a password, it will get saved, and is therefore subject to the same warning as above.
  • I put in a feature request for passwords in keys as well as importing our own keys, and it's currently under consideration by the developer.
  • And finally, not that it will happen, but if it did and the app went rogue and phoned sensitive information home, know that your servers could be accessed with the saved credentials. Unless it goes open source, and we can verify it's built off that source, there can't be that 100% trust. Again, I'm not saying this will happen, just like it isn't likely to happen to ConnectBot, but I have to put this warning here to clear my conscience.

Version 2.0

V2.0 of the app was totally redesigned and rebuilt from the ground up, including adding support for public key auth. Here's the full changelog:

- 2.0 Launched
- NEW - Redesigned Tablet and Phone GUI
- NEW - Completely rebuilt SSH libraries for enhanced protocol support
- NEW - Enhanced OS support for OOB OSX and BSD support
- NEW - Public key authentication
- NEW - Experimental Support for local android scripts!


Let's have a look at the gorgeous, clean interface, shall we? Bonus points to those of you who can spot a pattern in my server names:

wm_Screenshot_2012-08-02-15-28-39 wm_Screenshot_2012-08-02-15-31-05 wm_Screenshot_2012-08-02-15-29-07 wm_Screenshot_2012-08-02-15-31-22

wm_Screenshot_2012-08-03-15-16-44 wm_Screenshot_2012-08-03-15-17-00 wm_Screenshot_2012-08-03-15-17-08 wm_Screenshot_2012-08-03-15-17-36

Brilliantly simple, isn't it? Who doesn't love this design and ease of use?

You can even break up the servers into groups and execute commands on all servers in a group with one click (it's a little confusing right now, but you have to select a server, then Run Group Script, which will run the script on all servers, but only show you the output of the current one - the UX of this will be improved in the future). It's also interesting to note that the history of command outputs for each server is saved across sessions until you clear it - a nice touch.

My wishlist

Here is my wishlist, which I've forwarded to Mobilworx, along with some responses from the dev:

  • Import existing private keys.
    • Added to 2.1 feature requests.
  • Password protected keys - the current implementation is a security risk because it doesn't support passwords.
    • Added to 2.x feature requests (have to see how tricky it is to maintain. A password would mean a popup every time you run the script. I think that might take away from the clicky nature of the app. it should be doable, but maybe as an option to create a password protected key).
  • Re: passwords - the way ConnectBot deals with it is it lets you unlock the key in its own key manager and then use it while it's in memory. Not sure if it's too applicable in this case as the app is pretty short-lived, but if you want to execute a bunch of stuff, you'd still have to log in only once since the key would be unlocked then and stored in memory.
    • Thanks for the feedback as usual. I will add that to the notes. Maybe just caching that password in memory for a fixed amount of time.
  • Change the input type of the script field to not offer suggestions, capitalization, auto-space and other annoying crap that doesn't belong to scripts.
    • Added to 2.1 feature requests.
  • Any idea if it can get interactive to provide input on the fly?
    • Nope, but we could look into it. We may need to add some support for variables. Tricky, but I will run it by my dev.
  • Scheduled runs?
    • Version 1.0 has support for Tasker and Locale for scheduled runs. We are going to add that support back in eventually. We considered a standalone scheduling engine, but we had nightmares of people with incorrect timezones rebooting servers and stuff stupid.


Script Kitty is absolutely free with the following limitations:

  • Limited to 3 Servers
  • Limited to 2 Server Groups
  • Limited to 5 Active Scripts
  • No Backup/Restore Support

Script Kitty Pro unlocks the limitations and only costs $0.99 - a worthy investment, in my opinion. Check out Script Kitty in the Play Store by using the widgets below.

Artem Russakovskii
Artem is a die-hard Android fan, passionate tech blogger, obsessive-compulsive editor, bug hunting programmer, and the founder of Android Police.
Most of the time, you will find Artem either hacking away at code or thinking of the next 15 blog posts.

  • Ron Amadeo

    DAT UI.

    Also, we have the coolest server names ever.

    • http://www.androidpolice.com/ Artem Russakovskii

      Not enough mineralsss!

  • http://twitter.com/zervin Zack Ervin

    Thanks to the gang at AP for such great support and feedback. We have quite a few feature requests coming in, and we will cram as many as possible into 2.1. Present and future users, if you have an idea for new features, please drop us a comment on this thread to get fast tracked for evaluation.

    • Little Confused

      Some examples would be nice. I have no idea what to program in.. Does ScriptKitty have its own command ref? Can I use VBS? Is it bash? Is there built in commands for user prompt? I got nuthin here or on your web site. It looks nice, but all I can do is log intomy server. How can I telnet to another? Need a waitforstring command or something. Please help!

  • Dortamur

    I also would really like a way of password protecting the keys. The security risk of a lost or compromised phone/tablet is just too great otherwise. Caching the key unlock password for a period of time would be useful, to allow several scripts to be run without having to constantly enter the password.

    I haven't played with the app yet, but another useful feature would be to provide arguments to scripts, so that one script could do several things. Define the number of args (or variables), and prompt for the values before running the script. Advanced config could let you define a field as a select box of values, rather than just having open text fields.

  • raindog469

    Nice marriage of, essentially, expect and ssh. Too bad its source isn't out there... I don't trust people who won't share their source to not collect my clients' sensitive data or otherwise abuse their position. But it gives me some ideas for my own take on it. In the meantime, Connectbot is still the king for me.

    • http://ajenti.org Eugeny

      Well you can use Wireshark to check traffic yourself at any time, that's what I do before entering anything confidential into an app.

      • raindog469

        Well, unless Wireshark has added a "crack SSH encryption" option since the last time I used it, there's no way to tell the difference between "the traffic I expect to see" and "the traffic I expect to see plus the contents of /etc on the remote server" unless "the traffic I expect to see" is just the output of uptime or something. A malicious app might never phone home until it has something its developers considered useful, so using Wireshark before entering credentials isn't really safe.

        • http://twitter.com/zervin Zack Ervin

          We understand your concern, and we are looking into potential methods of providing additional security options for users. At this time we have no plans to share the source code of a paid product. The same arguments could potentially be made for any paid product that does not release source code. I respect your honesty and desire to see the goods, but unfortunately that is just not a viable option.

          I would challenge you to submit to us your suggestions for ways of satisfying your need, short of giving away our source code which would make the paid license pointless. All users are invite to register at https://tracker.mobilwerx.com for access to our alpha and beta product builds, as well as, issue tracker for support, bugs, and feature requests.

          • raindog469

            I'm not asking to see your source code; your license is proprietary. Not that there's anything wrong with that. Withholding source hasn't hurt Microsoft any, but I don't use their products either (well, except for an Xbox 360, but I don't connect to my clients' systems with that.) Millions trust that model. My clients and I don't.

            I appreciate your desire to appeal to everyone, but I'm more likely to adapt existing free software to do this than use software I have no control over.

  • James LaBarre

    Doesn't help at all if you have a B&N Nook Tablet. B&N kneecapped their tablets so that you can't use it for actual *work*, so this will never run there.

  • Drakuwa

    Server names == Star Craft objects/units? :D