ClawHub

Midscene Automations Skills for iOS

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate iOS automation skill, but it can broadly control a live device and send screen contents to external model providers without enough user-facing safeguards.

Install only if you intentionally want an agent to operate a connected iPhone or iPad. Prefer test devices and test accounts, verify the `@midscene/ios` npm package source, use limited provider API keys, avoid confidential screens, and require explicit confirmation before deleting data, submitting forms, sending messages, making calls, purchasing, changing settings, or logging into sensitive accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list is broad enough to match many ordinary iOS-related requests such as generic testing, navigation, or checking whether an app works. That increases the chance the skill is invoked unexpectedly, causing device automation and screenshot-based analysis to run in contexts where the user did not explicitly consent to this tool or its data flows.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill processes device screenshots through external model providers, but it does not present a clear user-facing warning that screen contents, app data, messages, credentials, or other sensitive information may be transmitted off-device. In a vision-driven mobile automation context, this omission is especially risky because the tool can capture any visible content across arbitrary apps, making inadvertent disclosure of highly sensitive data plausible.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal