Security audit

bluebubbles

Security checks across malware telemetry and agentic risk

Overview

This skill is a real iMessage bridge with no code payload, but it gives an agent broad ability to send or alter live messages without enough safety guidance.

Review before installing. Use only with a BlueBubbles server you control and trust, prefer HTTPS or a private network, protect the server password, replace allowed_senders = ["*"] with trusted contacts, and require explicit confirmation before any send, attachment, reaction, edit, or unsend action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill enables sending real iMessages, reactions, edits, unsend actions, and attachments, but the description does not warn users that these operations can affect live conversations with real recipients. This increases the risk of unintended outbound messages or conversation changes being triggered by an agent or user without adequate awareness of real-world consequences.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill routes message content and attachments through a self-hosted BlueBubbles server, yet it lacks a privacy/security notice about transmission, storage, and exposure risks on that server. Users may unknowingly send sensitive content through infrastructure that could be misconfigured, insufficiently protected, or reachable over insecure HTTP as shown in the example configuration.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.