Beeper API CLI

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: beeper-api-cli
Version: 1.0.0

The skill is designed to interact with the local Beeper Desktop API for messaging. The `SKILL.md` explicitly includes a 'CRITICAL: Message Sending Policy' that mandates user approval before sending any message, acting as a strong defense against prompt injection for sensitive actions. The `beeper.sh` wrapper script ensures the `BEEPER_TOKEN` environment variable is set, auto-starts Beeper Desktop if not running, and waits for the local API to be ready, all of which are legitimate and robust behaviors. There is no evidence of unauthorized data exfiltration, malicious execution, persistence, or obfuscation, and the network calls are confined to the local Beeper API unless explicitly configured by the user in Beeper Desktop settings for remote access.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or using the skill could hand your Beeper token and messaging actions to an executable that was not available for review in these artifacts.

Why it was flagged

The wrapper delegates all real work to a hardcoded executable that is not included in the supplied file manifest and has no install specification or provenance, despite the skill using chat account credentials and send/read authority.

Skill content

BEEPER_CLI="/Users/ashrafali/clawd/skills/beeper-api-cli/beeper" ... exec "$BEEPER_CLI" "$@"

Recommendation

Do not use until the actual Beeper CLI binary source, install method, checksum or package provenance, and expected path are declared and reviewable.

What this means

An unintended send could message contacts on WhatsApp, Telegram, Signal, Instagram, LinkedIn, Facebook Messenger, or other connected services.

Why it was flagged

The skill exposes message sending across connected chat networks. The approval policy is clear and appropriate, but the capability can have real-world impact if not followed.

Skill content

NEVER SEND ANY MESSAGE WITHOUT EXPLICIT USER APPROVAL ... beeper.sh send --chat-id <chat-id> --message "Your message here"

Recommendation

Require the agent to show the exact message and destination, then wait for your explicit approval before every send.

What this means

The token can allow access to your Beeper Desktop API, including private messages and sending ability for connected accounts.

Why it was flagged

The wrapper requires and uses a Beeper bearer token, while the registry metadata declares no required environment variables and no primary credential.

Skill content

: ${BEEPER_TOKEN:?"BEEPER_TOKEN must be set in environment"} ... curl -s -f -H "Authorization: Bearer ${BEEPER_TOKEN}"

Recommendation

Set the token only in a trusted environment, keep BEEPER_API_URL pointed at localhost or another trusted host, and prefer metadata that explicitly declares the required credential.

What this means

Private chat content may be shown to the agent, and messages from other people could try to influence the agent's behavior.

Why it was flagged

The skill is intended to retrieve chat messages into the agent's context. Those messages may contain private data or third-party text that should be treated as data, not instructions.

Skill content

Get recent messages for context ... Search across all chats

Recommendation

Limit retrieval to chats needed for the task and instruct the agent to ignore instructions found inside retrieved messages unless you confirm them.

What this means

A read or list command can start Beeper Desktop and make the local API available if your token is set.

Why it was flagged

Invoking the wrapper can automatically launch Beeper Desktop if it is not already running. This is aligned with the skill's purpose but may surprise users.

Skill content

if ! is_beeper_running; then ... open -a "Beeper Desktop"

Recommendation

Use the skill only when you expect Beeper Desktop to be opened and the local API to be contacted.