Beeper API CLI

Security checks across malware telemetry and agentic risk

Overview

This messaging skill is mostly coherent, but it should be reviewed because it requires a powerful Beeper token and delegates that token to an unbundled hard-coded CLI binary while also auto-launching Beeper Desktop.

Install only if you can verify the Beeper CLI binary at the path used by beeper.sh and you are comfortable giving it your Beeper bearer token. Keep the API bound to localhost unless you intentionally configure remote access, and approve sends only after reviewing the exact recipient and full message.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The wrapper does more than invoke the Beeper CLI: it conditionally launches a GUI desktop application on behalf of the caller. In an agent/skill context, that is a side effect outside the stated CLI purpose and can surprise users, trigger unintended app execution, and expand the trusted computing surface from a local CLI to a full desktop app with networked messaging capabilities.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The script header describes the skill as a CLI wrapper, but it also auto-starts Beeper Desktop, which is a materially different capability. This mismatch reduces transparency for users and agents, making it easier to trigger unexpected local execution and network access under the guise of a simple command wrapper.

VirusTotal

65/65 vendors flagged this skill as clean.
