Is minsu7893/imsg-1-0-0 safe?

https://github.com/openclaw/skills/tree/main/skills/minsu7893/imsg-1-0-0

95
SAFE

This skill provides clean documentation for using the macOS imsg CLI tool to interact with iMessage/SMS. While the skill itself contains no malicious code, it enables message sending capabilities that could potentially be misused. The skill includes responsible guidance about confirming recipients before sending.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (2)

LOW Message sending capability -15

The skill enables an AI agent to send iMessages and SMS through the imsg CLI tool. While not directly malicious, this provides a communication channel that could potentially be misused for data exfiltration if the agent's behavior were compromised.

LOW Elevated system permissions required -25

The skill requires Full Disk Access and Automation permissions to control Messages.app, which increases the potential attack surface. However, these are necessary for the legitimate functionality.