claude-to-im

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell scripts (daemon.sh, doctor.sh) and PowerShell (supervisor-windows.ps1) to manage the background bridge daemon. This includes starting, stopping, and monitoring the process across different operating systems.
  • [COMMAND_EXECUTION]: On macOS, the skill uses launchctl to register a LaunchAgent for persistence, and on Windows, it provides options to install a Windows Service using third-party managers like WinSW or NSSM. This functionality is intended for its core purpose as a background bridge service.
  • [EXTERNAL_DOWNLOADS]: The doctor.sh diagnostic script and the bridge daemon perform network requests to official messaging platform APIs (e.g., api.telegram.org, open.feishu.cn, bots.qq.com) to validate credentials and exchange messages. These operations target well-known services associated with the skill's primary function.
  • [DATA_EXFILTRATION]: The skill manages sensitive API tokens for various IM platforms. It implements security best practices by storing these credentials with restricted file permissions (chmod 600) and employing a masking mechanism to redact secrets from log files and terminal output.
  • [PROMPT_INJECTION]: As a bridge to external messaging platforms, the skill establishes an ingestion point for untrusted data (IM messages). While this constitutes an attack surface for indirect prompt injection, it is the inherent nature of a chat bridge, and the skill provides permission-gating (Allow/Deny buttons) for tool usage to mitigate risk.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 24, 2026, 02:39 PM