claude-to-im

Warn

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PERSISTENCE_MECHANISMS]: The skill automatically configures system-level persistence to ensure the bridge daemon remains active across sessions. On macOS, it creates a LaunchAgent (~/Library/LaunchAgents/com.claude-to-im.bridge.plist), and on Windows, it provides functionality to install itself as a Windows Service using WinSW or NSSM.
  • [COMMAND_EXECUTION]: The skill manages a background Node.js daemon and spawns the Claude CLI (claude command) or Codex CLI as subprocesses to execute agent logic. This is facilitated through supervisor scripts (scripts/supervisor-macos.sh, scripts/supervisor-linux.sh, scripts/supervisor-windows.ps1).
  • [EXTERNAL_DOWNLOADS]: During installation or setup, the skill fetches its core bridge implementation from a GitHub repository (github:op7418/claude-to-im) as a Node.js dependency.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted messages from external IM platforms. While a 'Permission Gateway' is implemented to require human approval for tool usage, the configuration supports an optional CTI_AUTO_APPROVE flag which, if enabled by the user, allows external chat messages to trigger automated command execution on the host system without manual intervention.
  • [DYNAMIC_EXECUTION]: The skill uses dynamic import() calls (via the Function constructor) in src/llm-provider.ts and src/codex-provider.ts to lazily load optional SDK dependencies for Codex and Claude Code at runtime.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 25, 2026, 03:57 PM