imsg

The provided fragment documents a legitimate CLI for controlling Messages.app that necessarily requires high-risk macOS permissions (Full Disk Access and Automation). The security concerns are primarily supply-chain and privacy-related: obtaining the binary from a third-party Homebrew tap without checksums/signatures, combined with the broad access the binary requires, creates a realistic risk of data exposure or misuse if the binary were compromised or malicious. There is no explicit evidence of malicious code in the README itself, but absence of source or network transparency prevents ruling out exfiltration. Recommendations: audit the Homebrew formula and binary before installation, verify checksums/signatures or build from source if possible, grant Full Disk Access and Automation only to a verified executable, and monitor network activity from the binary post-installation.