iClick Automation
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill is coherently described as an iOS automation tool, but it can control connected devices and handle screenshots/media, so users should use it only on intended devices.
Before installing, make sure you trust the publisher and intend to let the agent control connected iOS devices. Use it only for devices you own or administer, verify the deviceId before actions, and explicitly approve destructive commands such as deleting or clearing media.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could tap, type, open apps, close tasks, and delete media on connected devices when asked.
The skill exposes commands that can directly control a connected iOS device and delete or clear device-side media. These are consistent with the automation purpose, but they are high-impact actions if invoked on the wrong device or without user intent.
node {baseDir}/server.js click ... sendText ... delMediaFile ... clearMediaFile ... openApp ... killRecentsConfirm the target deviceId and get explicit user approval before actions that enter text, operate apps, or delete/clear media.
A device screenshot may be exposed to the agent context or left temporarily on disk.
Screenshots from a connected device are written to a temporary local file. Screenshots can contain sensitive personal or account information and may remain until cleaned up.
const _file = path.join(os.tmpdir(), `${Math.random().toString(36).substring(2, 15)}.jpg`)
await fs.writeFile(_file, _data)Only capture screenshots when needed, avoid sharing sensitive screens, and delete temporary screenshot files after use.
Users have less ability to independently verify who authored the code and bundled dependencies.
The registry metadata does not provide a source repository or homepage for verifying the package provenance. This is not evidence of malicious behavior, but it matters for a skill that controls devices.
Source: unknown Homepage: none
Install only if you trust the publisher, and prefer a version with a verifiable source repository or reviewed package contents.