Beeper
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent and appears to do what it says—search local Beeper chat history—but it can expose sensitive private messages to the agent and installs an external CLI at the latest version.
This skill appears benign for its stated purpose. Before installing, make sure you are comfortable with an agent searching your local Beeper message database, and verify or pin the external beeper-cli package you install.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may read and summarize private Beeper conversations, including messages from connected services.
The skill intentionally retrieves local chat content into the agent context; this is purpose-aligned but can expose private conversations and any untrusted text contained in messages.
This skill provides **read-only access** to your local Beeper chat history. Browse threads, search messages, and extract conversation data.
Install only if you are comfortable letting the agent search your local Beeper history; use specific queries and avoid sharing retrieved chat output unless you have reviewed it.
The installed CLI behavior depends on the current upstream repository version at install time.
The install instruction fetches the latest version of an external Go CLI rather than a pinned version included in the artifact set.
go install github.com/krausefx/beeper-cli/cmd/beeper-cli@latest
Review the upstream repository and consider pinning a trusted version before installation.