Images Sender
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly does what it says, but it builds an AppleScript command from unescaped phone-number and filename/path inputs, which could allow crafted inputs to trigger unintended actions.
Review carefully before installing. This skill can send files through your Messages app, stores local copies of sent images, and should not be used with untrusted filenames or recipient strings until the AppleScript escaping/validation issue is fixed.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or malformed phone number or image filename could cause the skill to run unintended AppleScript or local commands under the user's account.
The AppleScript passed to osascript includes user-controlled recipient and filename/path-derived values without escaping or validation. Quotes or newlines in those values could alter the AppleScript rather than being treated only as data.
script = f''' ... send POSIX file "{send_path}" to participant "{formatted_recipient}" ... '''
result = subprocess.run(['osascript', '-e', script], ...)
Escape AppleScript string literals or pass parameters safely, strictly validate the recipient as a phone number, rename copied files to safe characters, and add confirmation before sending.
If invoked on the wrong image or recipient, the agent may send a private file/message immediately.
The skill is designed to let the agent send an image through Messages once requested. That is core functionality, but it is still an external communication action with no separate confirmation step described.
When user requests to send an image, automatically send via iMessage to the phone.
Use it only with explicit recipient and image choices, and consider adding a confirmation step before each send.
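As an added illustration, not code from the skill or from ClawScan, the Python below puts the flagged interpolation pattern next to the mitigations the two findings above call for: an AppleScript literal escaper, strict E.164 validation of the recipient, a safe basename for the stored copy, an `on run argv` handler so that user data never becomes part of the script text, and a confirmation callback that gates the send. All function names, the sample image path and the sample recipient are constructed for this example; nothing is executed, the functions only build the argv a caller would hand to subprocess.run.

```python
import re
from pathlib import Path
from typing import Callable, List, Optional

# Constructed sample inputs (not taken from the skill or the report).
SAMPLE_IMAGE = '/Users/alice/Pictures/vacation "2024".jpg'
SAMPLE_RECIPIENT = "+1 (555) 010-0199"

E164 = re.compile(r"\+[1-9][0-9]{6,14}")          # + followed by 7..15 digits
UNSAFE_NAME_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def applescript_literal(value: str) -> str:
    """Render value as an AppleScript double-quoted string literal.
    Backslash and double quote could end or extend the literal; newline,
    carriage return and tab are escaped too so no extra statement can appear."""
    escaped = (value.replace("\\", "\\\\")
                    .replace('"', '\\"')
                    .replace("\n", "\\n")
                    .replace("\r", "\\r")
                    .replace("\t", "\\t"))
    return f'"{escaped}"'


def validate_recipient(recipient: str) -> str:
    """Normalise a recipient to E.164 or raise; display formatting is stripped."""
    compact = re.sub(r"[\s().-]", "", recipient)
    if not E164.fullmatch(compact):
        raise ValueError(f"recipient is not an E.164 phone number: {recipient!r}")
    return compact


def safe_copy_name(original: str) -> str:
    """Basename for the stored local copy, restricted to [A-Za-z0-9._-]."""
    name = Path(original).name                      # drops directory components
    name = UNSAFE_NAME_CHARS.sub("_", name).strip("._")
    return name or "image"


def build_unsafe_script(send_path: str, recipient: str) -> str:
    """The pattern flagged in the report: values pasted raw into the script."""
    return ('tell application "Messages"\n'
            "    activate\n"
            f'    send POSIX file "{send_path}" to participant "{recipient}"\n'
            "end tell")


def build_escaped_script(send_path: str, recipient: str) -> str:
    """Same script, but every user-derived value is a validated, escaped literal."""
    return ('tell application "Messages"\n'
            "    activate\n"
            f"    send POSIX file {applescript_literal(send_path)} "
            f"to participant {applescript_literal(validate_recipient(recipient))}\n"
            "end tell")


# Preferred shape: the script text is constant; osascript passes the trailing
# command-line arguments to `on run argv` as plain strings, so no escaping is needed.
SEND_HANDLER = """on run argv
    set sendPath to item 1 of argv
    set recipient to item 2 of argv
    tell application "Messages"
        activate
        send POSIX file sendPath to participant recipient
    end tell
end run"""


def build_osascript_argv(send_path: str, recipient: str) -> List[str]:
    """Argv for subprocess.run: constant handler, then validated arguments."""
    path = Path(send_path)
    if not path.is_absolute():                      # also rules out a leading '-'
        raise ValueError("send_path must be absolute")
    return ["osascript", "-e", SEND_HANDLER, str(path), validate_recipient(recipient)]


def prepare_send(send_path: str, recipient: str,
                 confirm: Callable[[str, str], bool]) -> Optional[List[str]]:
    """Validate, then require explicit confirmation of path and recipient.
    Returns the argv to run, or None when the user declined."""
    argv = build_osascript_argv(send_path, recipient)
    return argv if confirm(argv[-2], argv[-1]) else None


if __name__ == "__main__":
    print(build_unsafe_script(SAMPLE_IMAGE, SAMPLE_RECIPIENT))   # note the broken literal
    print(build_escaped_script(SAMPLE_IMAGE, SAMPLE_RECIPIENT))
    print(prepare_send(SAMPLE_IMAGE, SAMPLE_RECIPIENT, lambda p, r: True))
```

With the sample path, the unsafe builder emits `file "/Users/alice/Pictures/vacation "2024".jpg"`, where the embedded quotes close the literal early; the escaped builder emits `\"2024\"`, and the argv builder keeps the path out of the script entirely, which is the simplest of the three to reason about.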
Messages will appear to come from the user's own Apple/iMessage identity and may reveal account/contact metadata.
The script controls the local Messages app, so sends occur using the user's active Messages/iMessage account rather than a separate scoped credential.
tell application "Messages"
activate
send POSIX file "{send_path}" to participant "{formatted_recipient}"
Install only on a Mac where you are comfortable allowing the agent to send through your Messages app, and verify the configured recipient.
