Skill v1.0.0

ClawScan security

Images Sender · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 8, 2026, 10:02 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (sending images via macOS Messages); it runs locally, writes a small config and copies images to a local Pictures folder, and does not request external credentials or network access.
Guidance
This skill appears to do what it says: it copies images to ~/Pictures/openclaw-send, saves a small JSON config at ~/.openclaw/workspace/imessage-sender-config.json, and uses osascript to send the image via the Messages app. Before installing or running: (1) inspect the script yourself (it is included) and verify you are comfortable with it writing to those paths; (2) be aware macOS will likely ask you to allow automation access to Messages; (3) test with a non-sensitive image and a number you control; (4) note a minor mismatch: the saved default recipient is not used by the send command; the script expects an explicit recipient for send; (5) the script interpolates the recipient into AppleScript without sanitization, so avoid passing untrusted strings as the recipient. If you want tighter privacy, consider editing the script to store and use the default recipient and to validate/sanitize inputs.

Review Dimensions

Purpose & Capability
ok: Name/description (send images via iMessage) aligns with the included Python script and SKILL.md. The script copies images to ~/Pictures/openclaw-send, saves a small JSON config, and uses osascript to drive the Messages app — all expected for this purpose. Minor inconsistency: SKILL.md paths reference the skill workspace path while the script stores its config at ~/.openclaw/workspace/imessage-sender-config.json (outside the skill folder), but this is not disproportionate to the stated function.
Instruction Scope
note: Instructions and script stay within scope: they copy a file, save a default recipient, and invoke osascript to send via Messages. They do not call external endpoints or read unrelated system data. Notes: the script always copies images to ~/Pictures/openclaw-send (documented), and the SKILL.md suggests a default-recipient workflow but the send command in the script requires an explicit recipient (the saved default is not used by send), which is an inconsistency. Also, recipient and paths are interpolated directly into AppleScript without sanitization — a potential injection/abuse vector if untrusted input is provided.
Install Mechanism
ok: No install spec; this is instruction-only with a single included script. Nothing is downloaded or installed by the skill at runtime beyond writing a small config and copying files into the user's Pictures folder.
Credentials
ok: The skill requests no environment variables, no external credentials, and no special config paths beyond writing its own config (~/.openclaw/workspace/imessage-sender-config.json) and copying to ~/Pictures/openclaw-send. These are proportionate to the task of sending images via the local Messages app.
Persistence & Privilege
ok: The skill is not forced-always; it is user-invocable and does not modify other skills or system-wide settings. It creates a per-user config and a per-user image folder, which is expected for its function. Note: using osascript will likely prompt macOS automation/access permissions for controlling the Messages app.