Back to skill

Security audit

Beeper CLI

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Beeper messaging helper, but it can read chats and perform message or file actions, so it should be used deliberately.

Install only if you trust the third-party beeper-cli publisher and are comfortable giving an agent access to Beeper chats. Keep BEEPER_ACCESS_TOKEN private, prefer a pinned release over @latest when possible, and require explicit review of recipients, message text, chat IDs, and file paths before any send, edit, archive, create, upload, download, or delete action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest description materially understates the skill's capabilities: beyond searching, listing/reading, and sending messages, it also supports account enumeration, chat creation/archival/reminders, message editing, asset upload/download, and window focus. This mismatch can mislead users, policy engines, or reviewers into granting or invoking a broader-privileged skill than they intended, increasing the risk of unauthorized data access, data exfiltration via attachments, or unintended state-changing actions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.