imsg

The manifest describes a legitimate macOS CLI that needs high privileges to function; those privileges enable access to sensitive user data and sending messages. There is no explicit evidence of malicious code in the provided text, but the combination of extremely sensitive privileges and distribution via a personal Homebrew tap elevates supply-chain risk. Before installation, the source or binary should be audited for telemetry or exfiltration behaviors and the install origin should be treated as moderately untrusted.