Agent Touch Layer
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for iOS Simulator automation, but users should review its unpinned external install and local automation servers before use.
Install only if you are comfortable building ATL from the referenced GitHub repository and running local simulator automation servers. Review or pin the upstream code, use a dedicated simulator, avoid logging into sensitive accounts unless necessary, and stop the servers when finished.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The installed automation app depends on remote code that can change outside this skill package.
The setup downloads ATL from an external GitHub repository without pinning a commit, tag, or release artifact before building and installing it.
git clone https://github.com/JordanCoin/Atl "$ATL_ROOT"
Review the upstream repository and consider pinning to a trusted commit or release before installing.
An agent using this skill could interact with websites or simulator apps and change their state if instructed or if a task is ambiguous.
The skill intentionally exposes broad simulator UI automation, including opening apps, reading snapshots, tapping elements, screenshots, and browser commands such as evaluate.
Native automation uses **port 9223** and automates **any iOS app** using the accessibility tree
Use it in a trusted local environment and require explicit user approval for actions that submit forms, change settings, delete data, or affect accounts.
The local automation endpoint may remain available after setup until the simulator app or test server is stopped.
Setup launches the ATL simulator app and verifies that a local server remains running on the configured port.
xcrun simctl launch "$UDID" com.atl.browser
Stop the ATL app, simulator, or background native server when you are finished using the skill.