Skill v1.0.1

ClawScan security

Imsg Media · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 28, 2026, 7:06 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and required environment variable line up with its stated purpose (fetch iMessage attachments and transcribe images/audio), but it requires Full Disk Access and will upload audio to a third‑party ASR service — review those privacy implications before installing.
Guidance
This skill does what it says — it locates iMessage attachments (requires the imsg CLI) and uploads audio files to the Silicon Flow ASR endpoint for transcription. Before installing: (1) understand that you must grant Full Disk Access to the process running OpenClaw/your terminal — that allows reading all Messages data and attachments; (2) review Silicon Flow's privacy/security policy because audio will be sent to api.siliconflow.cn; (3) prefer using a one-time --api-key override instead of putting a long-lived key in ~/.openclaw/.env if you want less persistence; (4) verify the imsg CLI you install is from a trusted source; (5) note the small filename/slug mismatch in the README (cd path) and check the skill directory name before running. If you are uncomfortable granting FDA or sending audio to an external service, do not install or run this skill.

Review Dimensions

Purpose & Capability
ok
Name/description match what the files do: the script uses the 'imsg' CLI to locate iMessage attachments and sends audio to Silicon Flow for transcription. Required binary (imsg) and env var (SILICON_FLOW_KEY) are expected for this functionality. Minor inconsistency: SKILL.md asks to cd into '~/.openclaw/skills/imsg-voice-transcribe' while the registry slug is 'imsg-media' (directory/name mismatch), but this is an operational nit, not a functional mismatch.
Instruction Scope
ok
Runtime instructions and the script operate within the declared scope: they read Messages attachments via the imsg CLI, classify files as audio/image, upload audio to the declared Silicon Flow API, and instruct the agent to use its vision model for images. The skill explicitly requires Full Disk Access so it can read ~/Library/Messages attachments; that is necessary but also grants broad access to message contents (see guidance). The script only reads the specified env file (~/.openclaw/.env) for the API key and does not attempt to read unrelated system config.
Install Mechanism
ok
This is instruction-only with one included script; there is no automated install or remote download. The only external install the SKILL.md recommends is 'npm install -g imsg' for the imsg CLI, which is reasonable and expected.
Credentials
concern
The single required credential (SILICON_FLOW_KEY) is appropriate for the declared cloud transcription service, but the skill requires Full Disk Access to read Messages data — a high privilege that exposes all message attachments and metadata. Additionally, audio files are uploaded to https://api.siliconflow.cn, so granting the API key and FDA has privacy/egress implications. The script only reads the stated ~/.openclaw/.env file for the key and supports a one-off --api-key override (good), but users should confirm they trust the external ASR provider before storing a long‑lived key.
Persistence & Privilege
ok
The skill does not request always:true, does not modify other skills' configs, and has no install-time persistent service. It suggests adding the API key to ~/.openclaw/.env for convenience, which is normal but increases persistent credential exposure if used.