Mirroir
Warn
Audited by ClawScan on May 10, 2026.
Overview
Mirroir clearly aims to control your iPhone, but it gives an agent broad access to a real phone and requires privileged persistent Mac components, so it should be reviewed carefully before use.
Install only if you intentionally want an agent to see and operate your real iPhone. Treat it like granting remote-control access: inspect the installer, understand the helper daemon and Karabiner permissions, keep sensitive apps closed, and require explicit confirmation before messages, purchases, credential entry, account changes, or settings changes.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

The agent could perform meaningful actions on your phone, such as sending messages, entering text, navigating apps, opening URLs, or changing network settings.
These tools let an agent perform real UI actions on any mirrored iPhone app, including settings and app workflows, without visible per-action safety limits in the provided artifact.
“Works with any app on screen” and tools include `tap`, `swipe`, `type_text`, `launch_app`, `open_url`, `set_network mode`, and multi-step scenarios.
Use this only for explicit phone-control tasks and require user confirmation before sending messages, purchasing, changing settings, entering credentials, or modifying important app data.

Actions taken through the mirrored phone may be treated as actions by you in personal or work accounts.
The skill acts through the user’s already-authenticated iPhone apps and device settings, effectively inheriting the user’s phone/account authority without narrow app or action scoping.
Use cases include “Sending an iMessage, WhatsApp, or any messaging app message,” “Adding calendar events, reminders, or notes,” “login flows,” and “toggling network modes.”
Limit use to trusted, user-directed sessions and avoid granting the agent open-ended authority over messaging, financial, work, password, or admin apps.

Private messages, notifications, account pages, one-time codes, photos, or other sensitive on-screen content could be exposed to the agent/tool session.
Screen images, OCR text, and recordings from any iPhone app can flow through the MCP tool boundary into the agent context, but the artifact does not describe data minimization, retention, or sensitive-screen handling.
`screenshot` captures the iPhone screen, `describe_screen` OCRs the screen, `start_recording` records video, and “Mirroir is an MCP server.”
Keep sensitive apps and notifications closed during use, avoid password/OTP screens, and review how the MCP server stores or returns screenshots and recordings.

You must trust the external website, npm package, and Homebrew tap to install and maintain code that can control your phone and local input stack.
The skill asks users to execute external installer/package code that was not included in the reviewed artifacts, while the install path also configures privileged local components.
Recommended setup: `/bin/bash -c "$(curl -fsSL https://mirroir.dev/get-mirroir.sh)"`; alternatives include `brew install iphone-mirroir-mcp` and `npx -y iphone-mirroir-mcp install`.
Prefer a verifiable pinned release, inspect the installer before running it, and install only from sources you trust.

Privileged components may remain installed after the immediate task and continue to provide a pathway for phone/input automation.
A persistent helper daemon and keyboard/input extension are disclosed and purpose-aligned, but the artifact does not show clear bounds for when they run, how to disable them, or how their privileges are contained.
Setup says to “configure the helper daemon and Karabiner,” with “Karabiner-Elements (installed automatically by the mirroir installer)” and approval of the “Karabiner DriverKit extension.”
Before installing, confirm how to stop the daemon, remove the extension, revoke Accessibility/Screen Recording permissions, and uninstall all helper components.
