beeper-mcp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly instructs extracting access tokens from Beeper's local DB and embedding them into plaintext files/commands (credentials.json and example curl Authorization usage), which would require the agent/LLM to handle and potentially emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and processes user-generated messages from messaging networks (e.g., via list_messages / search_messages and the local Beeper MCP HTTP API like http://[::1]:23373/v1/chats), so arbitrary third‑party chat content is read and interpreted as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). Flagged because the skill instructs reading local app databases to extract access_tokens, writing plaintext credential and shell/config files, installing/running local tools, and otherwise modifying user-level state in ways that can expose secrets and alter the machine even without sudo.