kakaotalk-mac

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/kakaotalk_mac.py executes system utilities (/usr/sbin/ioreg, /usr/bin/plutil) and the kakaocli binary using subprocess.run. This is used to retrieve the IOPlatformUUID and convert plist files to XML for parsing authentication metadata.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file instructs the user to install the kakaocli tool from a third-party Homebrew tap (silver-flight-group/tap/kakaocli). This source is not verified as a well-known service or trusted organization.
  • [CREDENTIALS_UNSAFE]: The helper script derives SQLCipher database keys using PBKDF2-HMAC-SHA256 and caches them in plaintext at ~/.cache/k-skill/kakaotalk-mac-auth.json. Although it attempts to restrict file permissions to the owner (0o600), storing decryption keys on disk increases the risk of credential exposure if the local environment is compromised.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8):
  • Ingestion points: Untrusted chat message content is ingested via kakaocli messages and kakaocli search commands.
  • Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within chat messages.
  • Capability inventory: The skill has the capability to execute shell commands (via kakaocli) and write to the local filesystem (cache files).
  • Sanitization: No sanitization or filtering of incoming chat content was observed before it is returned to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 05:03 AM
Security Audit — agent-trust-hub — kakaotalk-mac