ClawHub

iMessage Voice Reply

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local text-to-speech helper for creating and sending iMessage voice replies through BlueBubbles, with no evidence of hidden data theft or destructive behavior.

Install this only if you want your agent to generate synthesized voice replies and send them through your BlueBubbles/iMessage setup. Review the recipient and content before sending, and be aware that setup downloads unpinned Python packages and model files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs the agent to run shell commands and read local files, but the manifest shown in SKILL.md does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: a platform or reviewer may treat the skill as lower risk than it really is, while the skill can still drive local command execution and file access through agent behavior.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The description claims purely local zero-cost voice reply generation for native iMessage bubbles, but the documented setup downloads models from the network and the workflow may generate fallback MP3 output instead of the claimed native CAF/Opus result. This mismatch can mislead users and automated policy systems about data flow, platform behavior, and actual capabilities, which is especially risky for a messaging skill handling user communications.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal