Security audit

BlueBubbles (tc)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent BlueBubbles/iMessage integration, but it should be installed only with clear controls because it can send and manage real messages.

Install only if you operate and trust the BlueBubbles server. Use HTTPS where possible, keep the server password secret, replace allowed_senders = ["*"] with specific trusted handles, and require explicit confirmation before sending attachments, editing, reacting to, or unsending messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill enables the agent to send and modify iMessages on the user's behalf, but the description does not clearly warn about that capability or its consequences. This can lead to unintended outbound communication, message edits, reactions, or unsend actions being triggered without the user understanding the scope of authority granted to the skill.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill routes message content, metadata, and attachments to a self-hosted BlueBubbles server, but the description does not disclose this privacy-sensitive data flow. Users may unknowingly expose private conversations or files to another service endpoint, especially if the server is misconfigured, insecurely hosted, or accessed over plain HTTP as shown in the example.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.