iMessage & Signal Analyzer
PassAudited by ClawScan on May 10, 2026.
Overview
This skill appears to do what it claims, but it handles very private message history and may require broad local permissions or Signal account linking.
Use this skill only if you are comfortable letting the agent analyze private iMessage or Signal conversations. Prefer limiting the analysis to the intended contact, protect any Signal export JSON file, and revoke Full Disk Access or unlink signal-cli when you are done if you do not need ongoing access.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private conversations, including recent message content, may appear in the analysis output and the agent transcript.
The script reads private iMessage text and prints recent message snippets for the agent or user to analyze.
SELECT message.ROWID, message.text, message.date, message.is_from_me, message.attributedBody ... print("\nRecent messages:")Run it only for contacts you intend to analyze, consider using --limit, and avoid sharing the output if it contains sensitive personal details.
Granting this permission could allow Python or the terminal to read other protected local files, not just chat history.
Full Disk Access is a broad macOS permission that gives the selected app access beyond the specific Messages database.
If you get a permission error, grant Full Disk Access: ... add Python or your terminal app
Grant Full Disk Access only if needed, use a trusted Python/terminal app, and revoke the permission after the analysis if you no longer need it.
A linked Signal CLI device may retain access to Signal data until it is unlinked.
Linking signal-cli creates an additional Signal client capable of accessing exported Signal message data.
Link your device: `signal-cli link` and scan QR code
Use signal-cli only if you trust it, protect the generated export file, and unlink the CLI device when finished if you do not plan to keep using it.
Users must obtain and trust an external Signal export tool for Signal analysis.
The Signal workflow depends on an external tool that is not installed by this skill and is not declared in the registry requirements.
Install signal-cli: `brew install signal-cli` (macOS) or see https://github.com/AsamK/signal-cli
Install signal-cli only from trusted package sources and review its permissions and linked-device state.