Imessage Sender
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly matches its iMessage image-sending purpose, but its script builds AppleScript from unescaped filenames and phone numbers, which could allow unintended local automation with crafted inputs.
Install only if you intend to let OpenClaw send images through Messages on a Mac. Verify the recipient and image before use, avoid unusual characters in filenames or phone numbers until the AppleScript escaping issue is fixed, and clear ~/Pictures/openclaw-send/ if copied images are sensitive.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A specially crafted phone number or filename containing AppleScript-breaking characters could make the agent run unintended local automation under the user's account.
The recipient and image path are user-controlled, and the copied file path keeps the original filename. Both values are inserted directly into AppleScript string literals without escaping before execution by osascript.
recipient = sys.argv[2] ... image_path = sys.argv[3] ... send POSIX file "{send_path}" to participant "{formatted_recipient}" ... subprocess.run(['osascript', '-e', script], ...)
Escape AppleScript string literals, validate recipients as phone numbers, and preferably pass the path and recipient to osascript as arguments rather than interpolating them into code.
Images will be sent from the user's Messages account to the configured or supplied recipient.
The skill sends messages through the locally signed-in Messages/iMessage account. This is purpose-aligned, but it uses the user's account authority to send content externally.
tell application "Messages" ... send POSIX file "{send_path}" to participant "{formatted_recipient}"
Use only with intended recipients, and verify the file path before asking the agent to send an image.
The skill may fail or trigger unexpected macOS automation permission prompts if installed outside the intended Mac environment.
The code depends on macOS osascript and the Messages app, while the supplied metadata lists no required binaries and no OS restriction.
subprocess.run(['osascript', '-e', script], capture_output=True, text=True)
Declare macOS-only support and the osascript/Messages dependency in the metadata or install requirements.
