Beeper CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Beeper messaging CLI wrapper, but it should be used carefully because it can read chats, send or edit messages, and transfer attachments.

Install only if you trust the publisher and are comfortable giving an agent access to your Beeper chats. Keep `BEEPER_ACCESS_TOKEN` private, prefer a pinned release, review recipients/message text/file paths before any send/edit/archive/create/upload/download/delete action, and use read-only behavior when you only need search or message review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium (92% confidence)
Finding
The manifest description says the skill can search, list/read, and send messages, but the documented commands also allow editing messages, archiving chats, creating chats, managing reminders, and uploading/downloading assets. This understates the skill’s write and state-changing capabilities, which can mislead an agent or reviewer about the level of authority the skill has over user communications and data.

Context-Inappropriate Capability

Low (77% confidence)
Finding
The skill includes `beeper focus` commands that can manipulate the desktop application window despite the skill being presented primarily as a messaging/search wrapper. While not directly a data-exfiltration primitive, unnecessary UI control expands the operational surface and can cause unintended user-impacting behavior or be chained with other actions for social engineering or disruption.

Missing User Warnings

Medium (95% confidence)
Finding
The skill documents multiple state-changing and externally communicating operations—sending messages, editing messages, archiving chats, creating chats, uploading attachments, downloading assets, and deleting reminders—without prominent warnings about data modification, outbound communications, or privacy risks. In a messaging context, these actions are particularly sensitive because they can alter records, contact third parties, and handle potentially private content or files.

VirusTotal

65/65 vendors flagged this skill as clean.
