Claw Me Maybe - Beeper Desktop API & Multi-Platform Messaging
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: claw-me-maybe Version: 1.2.1 The skill is classified as benign. All demonstrated network interactions via `curl` are directed to `http://localhost:23373`, which is the local Beeper Desktop API. While the skill utilizes `curl` and reads an environment variable (`BEEPER_ACCESS_TOKEN`), these actions are consistently used for legitimate interaction with the local Beeper API as described in `SKILL.md`, without any evidence of data exfiltration to external endpoints, malicious execution of remote payloads, persistence mechanisms, or prompt injection aiming for harmful objectives. The instructions and code snippets are aligned with the stated purpose of providing multi-platform messaging integration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may be able to send messages, add reactions, or mark conversations read on your behalf across connected platforms.
The skill intentionally enables message-sending through Beeper across multiple services, which is purpose-aligned but can have real-world impact if the agent sends to the wrong recipient or channel.
💬 **Send Messages Anywhere** - "Tell Mom I'll be late" - and it goes to WhatsApp. "Message the team on Slack" - done.
Use explicit recipient and message wording, and ask the agent to confirm before sending or changing chat state.
Anyone or anything with access to that token may be able to act through your Beeper-connected messaging accounts.
The skill asks users to place a Beeper access token in the Clawdbot config, allowing the agent to authenticate to the local Beeper Desktop API.
"BEEPER_ACCESS_TOKEN": "your-token-here"
Treat the Beeper token like a password, store it only in the intended local config, rotate or remove it when no longer needed, and avoid sharing logs or config files containing it.
Sensitive chat content may be exposed to the agent during searches or summaries, and malicious text inside chats could try to influence the agent's behavior.
Searching and summarizing all Beeper chats can bring private or work messages into the agent's context, including untrusted messages from other people.
🔍 **Search Everything** - "What did Sarah say about the project last week?" Your lobster will dig through all your Beeper chats instantly.
Keep queries scoped to the chats and time ranges you need, avoid asking it to process highly sensitive conversations unless necessary, and treat retrieved message contents as untrusted context.