sendblue-cli
Enables sending iMessages and SMS from the shell using the Sendblue CLI, simplifying contact management and message sending.
Install this skill
or
54/100
Security score
The sendblue-cli skill was audited on Jun 1, 2026 and we found 10 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 3
Webhook reference - potential data exfiltration
SourceSKILL.md
| 3 | description: "Send iMessage and SMS from the shell via the @sendblue/cli npm package — outbound sends, contact management, and account setup with no API client or webhook server required." |
medium line 25
Webhook reference - potential data exfiltration
SourceSKILL.md
| 25 | `@sendblue/cli` is a Node CLI that creates a Sendblue account, provisions an iMessage-enabled number, and sends messages. It is the fastest way to text from a shell, script, or Claude Code hook — no A |
medium line 32
Webhook reference - potential data exfiltration
SourceSKILL.md
| 32 | - Reach for [[sendblue-api]] instead when writing application code that integrates Sendblue, receiving inbound webhooks, or needing features the CLI does not expose (send styles, reactions, group mess |
medium line 121
Webhook reference - potential data exfiltration
SourceSKILL.md
| 121 | - Outbound-first: there is no built-in webhook server for inbound. Use [[sendblue-api]] webhooks for full inbound handling. |
medium line 142
Webhook reference - potential data exfiltration
SourceSKILL.md
| 142 | - `@sendblue-api` — HTTP/JSON alternative for application code, webhooks, and features the CLI does not expose. |
medium line 25
Access to hidden dotfiles in home directory
SourceSKILL.md
| 25 | `@sendblue/cli` is a Node CLI that creates a Sendblue account, provisions an iMessage-enabled number, and sends messages. It is the fastest way to text from a shell, script, or Claude Code hook — no A |
medium line 115
Access to hidden dotfiles in home directory
SourceSKILL.md
| 115 | - ✅ **Re-run `setup` as the same OS user** that owns `~/.sendblue/credentials.json`. |
medium line 127
Access to hidden dotfiles in home directory
SourceSKILL.md
| 127 | - Credentials are written to `~/.sendblue/credentials.json` with mode `600`. Treat that file like an API key — do not commit it, do not copy it across machines without the same posture. |
medium line 138
Access to hidden dotfiles in home directory
SourceSKILL.md
| 138 | - **Credentials are per-user.** `~/.sendblue/credentials.json` is owner-only (`600`). Don't `sudo` and pollute root's home — re-running as the same user that ran `setup` is what works. |
low line 149
External URL reference
SourceSKILL.md
| 149 | - Sendblue: <https://sendblue.com> |
Scanned on Jun 1, 2026
View Security DashboardGitHub Stars 39.4K
Rate this skill
Categorysales
UpdatedJune 10, 2026
sickn33/antigravity-awesome-skills