Back to skill
Skillv1.0.0
ClawScan security
iMessage & Signal Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 20, 2026, 2:20 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This skill's code and instructions match its stated purpose: it analyzes local iMessage DBs and Signal export JSONs, asks for local read access (Full Disk Access on macOS) but does not request external credentials or appear to exfiltrate data.
- Guidance
- This skill appears to do exactly what it claims: local analysis of iMessage and Signal exports. It does require reading sensitive local files (~/Library/Messages/chat.db and your Address Book) and may need Full Disk Access for Python/Terminal on macOS; be careful about granting that. The included script does not make network calls or require external credentials, but review the script yourself if you can and run it locally rather than giving any remote agent blanket permission. If you want extra safety, export Signal data manually, run the script offline, avoid granting Full Disk Access to generic/unknown Python binaries, and disable autonomous invocation for this skill so it cannot run without your explicit command.
Review Dimensions
- Purpose & Capability
- okName/description, SKILL.md, and the included Python script all focus on analyzing iMessage (macOS) and Signal exports. The script reads ~/Library/Messages/chat.db and Signal export JSONs and performs local analysis; no unrelated services, binaries, or credentials are requested.
- Instruction Scope
- okRuntime instructions are consistent with the task: grant Full Disk Access to read chat.db if needed, use signal-cli to export Signal data, and run the provided analyze.py script. The instructions and script only read local message/contact files and print analysis; they do not instruct sending data to external endpoints.
- Install Mechanism
- okThere is no install spec (instruction-only with a bundled script). The README suggests installing signal-cli via brew/GitHub, which is reasonable for Signal exports. No downloads or archive extraction are performed by the skill itself.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths in metadata. It legitimately may require Full Disk Access on macOS to read the Messages DB and requires a user-run signal-cli export for Signal; these are proportionate to its stated functionality.
- Persistence & Privilege
- noteThe skill is not set to always:true and does not request persistent system changes. However, it reads highly sensitive local data (messages/contacts). Because the agent can invoke skills autonomously by default, consider the privacy implications of allowing autonomous runs that could open the Messages DB if Full Disk Access is granted.