iClick Automation

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate iOS automation tool, but it gives an agent broad control over connected devices without enough safety boundaries around screenshots, text input, and destructive media actions.

Install only if you intentionally want an agent to control connected iOS devices through iClick. Use it on test devices or low-risk accounts first, verify the deviceId before every action, and require manual confirmation before screenshots, text entry, app actions, media deletion, or media clearing. Treat screenshots as sensitive because they may contain messages, credentials, tokens, or private photos.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Low
Confidence: 86%
Finding
The README advertises screenshot capture and device automation actions such as click, swipe, text input, and key events without clearly warning that these operations can change device state, enter data, or trigger unintended actions on a connected iOS device. In an automation skill for real devices, omission of these cautions can lead to accidental misuse, especially when invoked from scripts or agents that treat the commands as harmless status operations.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly instructs the agent to retrieve device screenshots, copy them into the workspace, and send them onward, but it does not require consent, redaction, minimization, or a warning that screenshots can expose personal data, credentials, messages, tokens, or other sensitive content. In this context, the skill is designed for controlling real iOS devices, so screenshot handling is inherently privacy-sensitive and the lack of safeguards makes unintended disclosure materially more likely.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill documents deletion and clearing operations for device media files without requiring confirmation or warning about irreversible data loss. Because this skill controls connected devices and exposes commands such as delMediaFile and clearMediaFile, an agent or user could accidentally destroy photos or other media with little friction, making the operational context more dangerous than a purely informational example.

Missing User Warnings

Medium
Confidence: 88%
Finding
The function captures screenshot data and writes it to a predictable temporary storage location without any consent prompt, disclosure, retention control, or cleanup. Screenshots can contain highly sensitive information such as credentials, personal messages, or tokens, so persisting them on disk increases exposure to other local processes, later forensic recovery, or accidental leakage.

VirusTotal

64/64 vendors flagged this skill as clean.
