beepctl
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Beeper messaging CLI skill, but it can access chats, send messages, and handle API tokens, so users should verify the CLI and confirm actions.
Install this only if you trust the `beepctl` CLI source and are comfortable giving the agent access to Beeper-connected conversations. Always require confirmation before sending messages or mutating chats, avoid displaying API tokens, and verify aliases resolve to the intended recipients.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could send messages from the user’s real messaging accounts.
The skill can send messages through connected messaging platforms, which is high-impact. The artifact does include an explicit confirmation requirement, so this is a purpose-aligned note rather than a concern.
⚠️ **NEVER send messages without explicit user approval first!** Always show the message content and recipient, then ask for confirmation.
Confirm recipient and exact message text before every send, and avoid `--quiet` options unless the user specifically requests them.
A displayed token could end up in agent context, logs, or transcripts and may allow unauthorized access if copied elsewhere.
The CLI can manage and display a Beeper Desktop API token, which may grant access to connected messaging accounts. This is expected for the integration, but the token is sensitive.
beepctl auth show # Check auth status and token beepctl auth set <token> # Set API token
Do not ask the agent to show tokens unless necessary; revoke or rotate the token if it is exposed.
Installing or running the external CLI gives that package access consistent with the user’s Beeper configuration.
The skill relies on an external globally installed npm binary. No package code is included in the provided artifacts, so the scanner cannot verify the binary’s implementation.
metadata: {"clawdbot":{"emoji":"🐝","requires":{"bins":["beepctl"]},"install":[{"id":"npm","kind":"npm","package":"beepctl","global":true,"bins":["beepctl"],"label":"Install beepctl (npm)"}]}}Install only from the expected npm/GitHub source, review the package if possible, and keep it updated from a trusted channel.
A message intended for one person or group could be sent to another if an alias maps to the wrong chat.
Persistent aliases can affect future recipient resolution. If an alias is stale or incorrect, later commands could target the wrong chat.
beepctl alias add work <chat-id> # Create alias beepctl send work "Using alias!" # Use alias in any command
Verify alias values before sending, and include the resolved chat or recipient in confirmation prompts.