Is bluebubbles safe?

https://clawhub.ai/kevin19830331/bluebubbles

85 · SAFE

The BlueBubbles skill is a benign development guide for building a messaging channel plugin for the Clawdbot platform. It contains no executable code, no prompt injection attempts, and no data exfiltration vectors. Sensitive file reads observed during installation are attributable to the OpenClaw runtime platform, not the skill itself, and zero outbound network activity was detected. The skill's inherent sensitivity stems from its legitimate purpose: guiding development of a messaging bridge that handles phone numbers and message content.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 78/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 72/100 · 5%

Findings (5)

LOW Skill references sensitive config keys -10

The SKILL.md mentions channels.bluebubbles.password as a config key. While this is legitimate documentation for a messaging plugin, it normalizes the agent working with credential values, which could be exploited in combination with a malicious skill.

MEDIUM Runtime reads sensitive files during install -22

The OpenClaw runtime (not the skill itself) reads .env, .aws/credentials, and auth-profiles.json during the skill installation bootstrap. While this is platform behavior and no data was exfiltrated (zero network activity), it demonstrates that the runtime environment exposes sensitive files to the install process.

INFO Jiti JIT compilation during plugin load -5

The runtime compiled several TypeScript modules to /tmp/jiti/ during installation. These are OpenClaw platform modules (plugin-sdk, config-schema, channels-registry, etc.) being JIT-compiled, not skill-provided code. File names reference bluebubbles-actions and plugin infrastructure.

INFO Standard runtime bootstrapping observed -15

All filesystem and process activity is consistent with the OpenClaw runtime loading a plugin: reading system libraries, platform config files, user profile, and JIT-compiling TypeScript modules. No anomalous behavior detected.

LOW Messaging bridge creates inherent data sensitivity -28

This skill guides building an iMessage bridge via BlueBubbles. By nature, an agent working on this plugin handles phone numbers, message content, and chat identifiers. This is not malicious but represents an elevated sensitivity surface compared to non-messaging skills.