Signal CLI
v0.1.0Send Signal messages and look up Signal recipients via the local signal-cli installation on macOS. Use when the user asks to message someone on Signal, send a Signal text/attachment, list Signal contacts, or resolve a recipient by name/nickname/phone number.
⭐ 3· 2k·6 current·6 all-time
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name, description, SKILL.md, and bundled scripts all focus on driving the local signal-cli binary to list contacts and send messages — this is coherent. However, the registry metadata declares no required binaries or environment variables even though the scripts invoke the 'signal-cli' executable and are Python scripts, so required runtime dependencies are not declared.
Instruction Scope
Runtime instructions and the two scripts stay within the stated scope: they call signal-cli to list contacts and send messages, resolve names to numbers, and accept optional attachment paths. They do not access unrelated system files or external endpoints. Note: attachments are taken as arbitrary file paths supplied to the script and passed to signal-cli; if an agent were allowed to choose attachments without user confirmation, that could be used to exfiltrate local files via Signal.
Install Mechanism
There is no install spec (instruction-only behavior plus shipped scripts), which is low-risk. The skill relies on existing local tooling rather than downloading code at install time. The only concern is the metadata omission of required binaries (signal-cli and a Python 3 runtime).
Credentials
The skill requests no environment variables or credentials, which is proportional. It implicitly uses the local signal-cli installation and its local account credentials/configuration — this is expected for a wrapper around a local CLI but is worth noting: the skill will act with whatever access the local signal-cli has to the user's Signal account and local config files.
Persistence & Privilege
The skill does not request persistent/always-on privileges, does not modify other skills or system-wide settings, and does not attempt to install background processes.
Assessment
This skill is a thin wrapper around your local signal-cli and appears to do nothing beyond calling that binary. Before installing, ensure: (1) you have signal-cli and Python 3 installed and registered/running locally (the skill does not declare these dependencies), (2) you trust the agent to confirm recipients and message text (the scripts accept attachments and arbitrary file paths which, if chosen by an agent without confirmation, could leak local files), and (3) you keep autonomous invocation limited unless you trust the skill — require explicit user confirmation before sending messages or attaching files. If you want higher assurance, inspect the included scripts yourself and test them locally (they're short and readable).Like a lobster shell, security has layers — review code before you run it.
latest
signal-cli (Signal Messaging)
Use the local signal-cli binary.
Preconditions
signal-cliis installed and already linked/registered.- For safety: confirm recipient + final message text with the user before sending.
Quick patterns
Discover available accounts
signal-cli listAccounts
List contacts (JSON)
signal-cli -o json -u "+386..." listContacts
Find a contact by name/nickname/number
Prefer the bundled script (handles fuzzy-ish matching + multiple matches):
python3 scripts/find_contact.py --account "+386..." --query "Name"
Send a message
Prefer the bundled script (resolves contact names to numbers):
python3 scripts/send_message.py --account "+386..." --to "Name" --text "Heyo ..."
If --to is already a phone number in E.164 (e.g. +386...), it sends directly.
Safety checklist (always)
- If resolving by name returns multiple matches, present options and ask the user which one.
- If message contains sensitive info, ask explicitly before sending via Signal.
- Default to
--service-environment live(signal-cli default) and normal trust behavior.
Comments
Loading comments...