Imsg
WarnAudited by ClawScan on May 1, 2026.
Overview
The skill is clearly described, but it needs review because it asks for broad macOS Messages access that can read private chats and attachments and send iMessage/SMS messages from your account.
Review carefully before installing. This is not shown as malicious, but it handles very sensitive Messages.app data and can send messages as you. Install only from a trusted source, grant macOS permissions deliberately, keep commands tightly scoped, and require clear confirmation before any send operation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If misused, the agent or CLI could read sensitive conversations and attachments or send iMessage/SMS messages as you.
The skill operates through the user's signed-in Messages account and asks for broad local and app-control permissions, enabling access to private messages and sending from the user's identity.
Requirements - Messages.app signed in - Full Disk Access for your terminal - Automation permission to control Messages.app (for sending)
Only install if you trust the imsg CLI and need this functionality. Grant Full Disk Access and Automation deliberately, and revoke them when no longer needed.
A mistaken or overly broad invocation could expose private message content or send an unintended message or attachment.
The documented CLI exposes direct read, watch, attachment, and send operations. The skill advises confirmation, but the artifacts do not show a technical approval gate before high-impact sends.
History: `imsg history --chat-id 1 --limit 20 --attachments --json` Watch: `imsg watch --chat-id 1 --attachments` Send: `imsg send --to "+14155551212" --text "hi" --file /path/pic.jpg`
Require explicit user confirmation before every send, verify recipients and attachments carefully, and use the narrowest chat IDs and limits possible.
Your security depends on the Homebrew formula and binary behaving as advertised.
The skill depends on an external Homebrew tap for the executable. This is disclosed and expected for a CLI skill, but users must trust that external package, especially because it receives sensitive macOS permissions.
brew | formula: steipete/tap/imsg | creates binaries: imsg
Review the Homebrew formula and project homepage before installing, and keep the CLI updated from a trusted source.
Private conversations and attachments may be exposed to the agent session, and text from contacts should not be treated as instructions.
Message history and live chat content can be brought into the agent's working context. Messages from other people are untrusted content and may include misleading instructions or sensitive data.
History: `imsg history --chat-id 1 --limit 20 --attachments --json` Watch: `imsg watch --chat-id 1 --attachments`
Limit retrieved chats and attachments, avoid unnecessary history dumps, and treat message contents as data rather than commands.