ops-inbox
Manages inboxes across multiple channels, identifying messages needing replies and archiving handled conversations for efficient communication.
Install this skill
Security score
The ops-inbox skill was audited on May 29, 2026 and we found 19 security issues across 4 threat categories, including 5 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 43 | 1. **Preferences**: Read `${CLAUDE_PLUGIN_DATA_DIR:-$HOME/.claude/plugins/data/ops-ops-marketplace}/preferences.json` |
Template literal with variable interpolation in command context
| 47 | 2. **Daemon health**: Read `${CLAUDE_PLUGIN_DATA_DIR}/daemon-health.json` |
Template literal with variable interpolation in command context
| 51 | 3. **Ops memories**: Check `${CLAUDE_PLUGIN_DATA_DIR}/memories/` before drafting any reply: |
Template literal with variable interpolation in command context
| 117 | ```! |
Template literal with variable interpolation in command context
| 201 | 5. **Discord**: Via `${CLAUDE_PLUGIN_ROOT}/bin/ops-discord read <CHANNEL_ID> --limit 20 --json`. Requires `DISCORD_BOT_TOKEN` (v1 is channel-scoped — no DM/gateway support yet). Pre-configured read li |
Template literal with variable interpolation in command context
| 545 | 1. Resolve the read list: read `${CLAUDE_PLUGIN_DATA_DIR}/preferences.json` → `discord.inbox_channels[]`. If empty and `DISCORD_GUILD_ID` is set, fall back to `bin/ops-discord channels --json` (list t |
Template literal with variable interpolation in command context
| 547 | ```bash |
Webhook reference - potential data exfiltration
| 3 | description: Full inbox management across all channels — WhatsApp (wacli), Email (Gmail MCP), Slack (MCP), Telegram (user-auth MCP), Discord (webhook + REST read), Notion (MCP — comments, mentions, as |
Webhook reference - potential data exfiltration
| 543 | Discord v1 support is channel-scoped (webhook send + REST read). DM + gateway are deferred to a v2 issue. |
Access to hidden dotfiles in home directory
| 49 | - Also check `~/.wacli/.health` for live auth status before any wacli command |
Access to hidden dotfiles in home directory
| 61 | **Health file** — check `~/.wacli/.health` BEFORE any wacli command: |
Access to hidden dotfiles in home directory
| 131 | | `WACLI_STORE` | `~/.wacli` | wacli store directory | |
Access to hidden dotfiles in home directory
| 165 | 4. **ops-memories** (if available) — check `~/.claude/plugins/data/ops-ops-marketplace/memories/` for any stored context about this contact or topic |
Access to hidden dotfiles in home directory
| 198 | 2. **WhatsApp**: First check `~/.wacli/.health` for keepalive daemon status. If `status=needs_auth` or `status=needs_reauth`, do NOT attempt wacli commands — instead prompt the user: "WhatsApp needs r |
Access to hidden dotfiles in home directory
| 274 | - Check `~/.claude/plugins/data/ops-ops-marketplace/memories/contact_*.md` for stored profile |
Access to hidden dotfiles in home directory
| 333 | **Health file contract (`~/.wacli/.health`):** |
Access to hidden dotfiles in home directory
| 335 | Before ANY wacli command, read `~/.wacli/.health`: |
Access to hidden dotfiles in home directory
| 344 | 1. Write JIDs to `~/.wacli/.backfill_jids` (one per line) |
External URL reference
| 535 | -X POST https://api.notion.com/v1/search \ |