kakaotalk-mac
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/kakaotalk_mac.pyexecutes system utilities (/usr/sbin/ioreg,/usr/bin/plutil) and thekakaoclibinary usingsubprocess.run. This is used to retrieve theIOPlatformUUIDand convert plist files to XML for parsing authentication metadata. - [EXTERNAL_DOWNLOADS]: The
SKILL.mdfile instructs the user to install thekakaoclitool from a third-party Homebrew tap (silver-flight-group/tap/kakaocli). This source is not verified as a well-known service or trusted organization. - [CREDENTIALS_UNSAFE]: The helper script derives SQLCipher database keys using PBKDF2-HMAC-SHA256 and caches them in plaintext at
~/.cache/k-skill/kakaotalk-mac-auth.json. Although it attempts to restrict file permissions to the owner (0o600), storing decryption keys on disk increases the risk of credential exposure if the local environment is compromised. - [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8):
- Ingestion points: Untrusted chat message content is ingested via
kakaocli messagesandkakaocli searchcommands. - Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within chat messages.
- Capability inventory: The skill has the capability to execute shell commands (via
kakaocli) and write to the local filesystem (cache files). - Sanitization: No sanitization or filtering of incoming chat content was observed before it is returned to the agent context.
Audit Metadata