iResponder

Things to check before installing: - Source trust: the package 'homepage' is unknown. Prefer code from a trusted repo. Review the full script contents locally before running. - Declared vs actual requirements: the registry metadata lists no env vars, but the code requires an OpenAI API key (OPENAI_API_KEY) or will try to read keys from ~/.clawdbot; watcher-old also looks for an Anthropic key. Confirm which provider/key you must supply and that you are comfortable storing it in that location. - macOS permissions: the skill requires Full Disk Access and Messages automation. Granting Full Disk Access to Terminal/iTerm allows these scripts to read many local files — only proceed if you accept that access. - Network & data exfiltration: the watcher sends conversation context to external LLM APIs (api.openai.com and/or api.anthropic.com). If you have sensitive message content, do not enable this unless you accept sending it to those services. - Telegram integration & command injection risk: telegram-handler invokes shell commands via execSync with user-provided strings. If you connect a Telegram bot or allow remote users to trigger these handlers, ensure the bot is restricted to trusted chats and consider sanitizing inputs or avoiding Telegram integration entirely. - Operational safety: run in test mode first (scripts provide a test mode) and monitor logs at ~/clawd/logs/imsg-autoresponder.log. Consider running under a separate user account or on a non-primary machine to limit blast radius. Backup ~/.clawdbot and verify no unexpected keys are leaked. - Recommended actions before install: verify the imsg CLI origin (brew tap steipete/tap), audit the scripts for any additional network endpoints, and add the required environment variables explicitly to the skill metadata or your deployment notes so you know what secrets are needed and where they will be read from. If you want, I can point out the exact lines that read credentials, perform network calls, or use execSync so you can inspect them closely.