Safety Report

Beeper CLI

Name: Beeper CLI
Author: foeken

@foeken

Search chats, list/read messages, and send messages via Beeper Desktop using the beeper-cli.

1,498Downloads

4Installs

0Stars

3Versions

Search & Retrieval2,116 CLI & Shell Tools1,805 Customer Support1,744

Security Analysis

medium confidence

Suspicious0.04 risk

The skill's instructions match its stated purpose (using the beeper CLI), but the registry metadata omits a required environment variable (BEEPER_ACCESS_TOKEN) and therefore the skill's declared requirements are inconsistent with its runtime instructions.

Feb 11, 20261 files2 concerns

Purpose & Capabilityok

Name/description (search/list/read/send via Beeper Desktop) align with the SKILL.md and the single required binary 'beeper'. The listed CLI commands in SKILL.md are consistent with that purpose.

Instruction Scopenote

Instructions are narrowly scoped to running beeper-cli commands (searching chats, listing messages, sending messages, uploading/downloading attachments, focusing the window). They reference file paths only where expected for uploads/downloads. The SKILL.md also instructs to set an API access token and to build/install beeper-cli; nothing in the instructions asks the agent to read unrelated system files or unrelated credentials.

Install Mechanismok

This is an instruction-only skill with no install spec (lowest risk). SKILL.md suggests downloading releases from GitHub or running 'go install', which is a typical, expected developer/install instruction. Note: building with 'go install' will fetch code from the public repo, so users should verify the upstream release/source before installing.

Credentialsconcern

SKILL.md requires an environment variable BEEPER_ACCESS_TOKEN (appropriate for the CLI), but the registry metadata lists no required environment variables. That mismatch is an incoherence: either the skill should declare that env var as required or the runtime instructions should not depend on it. No other unrelated credentials are requested.

Persistence & Privilegeok

The skill does not request always:true, does not declare config paths or other system-wide changes, and is user-invocable only. It does not ask for persistent presence or elevated platform privileges.

Guidance

This skill appears to do what it says (wrap the beeper CLI) but the metadata is inconsistent: SKILL.md requires BEEPER_ACCESS_TOKEN while the registry metadata lists no env vars. Before installing or using it: 1) Confirm you have the beeper binary from a trusted source and that the beeper-cli project (https://github.com/foeken/beeper-cli) is legitimate and the release you use is verified. 2) Expect to provide BEEPER_ACCESS_TOKEN in your environment — treat it like any API token (store in a password manager/secret store, and avoid pasting into public logs). 3) If you plan to build with 'go install', review the upstream repo and prefer pinned releases rather than @latest. 4) Be cautious when uploading/downloading files via the CLI; verify paths and contents before sending. 5) Consider asking the skill publisher to correct the registry metadata so required env vars are declared; the mismatch is an indicator of sloppy packaging and should be fixed before wide deployment.

Latest Release

v1.0.2

Add download binary option

More by @foeken

Clippy - Microsoft 365 CLI

5 stars

spots

1 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Published by @foeken on ClawHub