Signal Hardened
Security checks across malware telemetry and agentic risk
Overview
The bridge skill has a clear purpose, but it asks for messaging credentials and daemon control while relying on local scripts and support files that are not included for review.
Review before installing. Only use this if you can inspect and trust the separate claude-to-im scripts it will run, confirm the install path points to the intended skill, and keep platform tokens scoped, masked, and stored only in ~/.claude-to-im/config.env with restrictive permissions.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.