imsg

Name: imsg
Author: steipete

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

This skill enables data exfiltration of sensitive files and

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

imsg: Use `imsg` to read and send Messages.app iMessage/SMS on macOS.

Actually does

This skill executes the `imsg` command-line tool on macOS. It uses `imsg` to list chats, retrieve chat history (including attachments), watch for new messages, and send messages or files via the Messages.app. It requires `imsg` to be installed and relies on macOS permissions for Full Disk Access and Automation.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction3 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseer1 finding

Skill Info

Namesteipete/imsg

Registryclawhub

Version1.0.0

PURLpkg:clawhub/steipete/imsg@1.0.0

Stars21

Downloads13,314

Installs1,085

Source

Repository ↗

SHA-2568e9e9b4465f7...

SHA-15f01f59d4a20...

MD558849e3a07d8...

TLSH231123b759d8...

Size892 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/steipete/imsg

13,314 downloads1,085 installs

ClawHubDocs

openclaw skills install steipete/imsg

Assessments (2)

AI Agent Traps ↗

Data Exfiltration & Arbitrary Message/File Sendingcriticaldata exfiltration

The skill allows sending arbitrary messages and files to any phone number, enabling data exfiltration of sensitive files (e.g., `~/.ssh/id_rsa`) and social engineering attacks by impersonating the user.

100% confidenceline 21

imsg send --to "+14155551212" --text "hi" --file /path/pic.jpg

Broad System Access Requirementhighprivilege escalation

The skill requires 'Full Disk Access for your terminal,' granting the underlying process unrestricted read/write access to the entire file system, significantly increasing the impact of any command execution.

100% confidenceline 14

Full Disk Access for your terminal

Sensitive Information Gathering (Reconnaissance)mediumreconnaissance

The skill can list all chats and retrieve full chat history, including attachments, allowing for extensive reconnaissance and collection of sensitive personal communications.

100% confidenceline 19

imsg chats --limit 10 --json, imsg history --chat-id 1 --limit 20 --attachments --json

Human Approval Bypass Potentiallowapproval fatigue

The note 'Confirm recipient + message before sending' indicates a human approval step, but an agent could generate numerous requests or craft misleading prompts to induce approval fatigue or bypass oversight.

80% confidenceline 25

Confirm recipient + message before sending.

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/steipete/imsg.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/steipete/imsg)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/steipete/imsg"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/steipete/imsg.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/steipete/imsg.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow