bluebubbles

Review

Audited by ClawScan on May 11, 2026.

Overview

The skill matches its iMessage purpose, but it grants broad authority to send or alter messages and attachments without clearly documenting confirmation or recipient limits.

Install only if you trust the BlueBubbles server and are comfortable letting the agent send or alter iMessages. Configure a trusted server URL, protect the server password, restrict allowed_senders to known contacts, and require explicit confirmation before sending messages or attachments.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent uses this capability incorrectly, it could send messages or files, react to messages, or alter conversations from the user's iMessage account.

Why it was flagged

The skill advertises the ability to send and modify iMessage conversations, including attachments, but the supplied instructions do not describe confirmation, recipient scoping, or review controls for these high-impact actions.

Skill content

Supports text messages, attachments, reactions, edits, unsend ... "tool": "bluebubbles_send" ... "target": "+15551234567"

Recommendation

Require explicit user confirmation before every send, edit, unsend, reaction, or attachment; restrict permitted recipients where possible.

What this means

Anyone or any agent process with this password may be able to access the BlueBubbles server and send messages through it.

Why it was flagged

The BlueBubbles server password is expected for this integration, but it grants access to the user's messaging server and is not reflected as a primary credential in the registry metadata.

Skill content

password = "your-server-password"

Recommendation

Store the password securely, rotate it if exposed, and ensure the registry/installation documentation clearly declares the required credential.

What this means

Unexpected contacts could potentially send messages into the channel, increasing the chance of unwanted prompts, data exposure, or accidental replies.

Why it was flagged

The example configuration allows all senders, which may broaden who can interact with the messaging channel if the gateway treats incoming iMessages as allowed inputs.

Skill content

allowed_senders = ["*"]  # Allow all senders, or list specific handles

Recommendation

Replace the wildcard with a small list of trusted handles and review how inbound BlueBubbles messages are routed to the agent.