grtninja/bluebubbles
skill-candidates/bluebubbles/SKILL.md
Use when you need to send or manage iMessages via BlueBubbles (recommended iMessage integration). Calls go through the generic message tool with channel="bluebubbles".
$ install --global
skillsauthnpx skillsauth add grtninja/skill-arbiter bluebubblesInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 9:57 AM10.7s1 file scanned
SKILL.md
- name:
- bluebubbles
- description:
- Use when you need to send or manage iMessages via BlueBubbles (recommended iMessage integration). Calls go through the generic message tool with channel=\"bluebubbles\".
BlueBubbles Actions
Overview
BlueBubbles is OpenClaw’s recommended iMessage integration. Use the message tool with channel: "bluebubbles" to send messages and manage iMessage conversations: send texts and attachments, react (tapbacks), edit/unsend, reply in threads, and manage group participants/names/icons.
Inputs to collect
target(preferchat_guid:...; also+15551234567in E.164 or[email protected])messagetext for send/edit/replymessageIdfor react/edit/unsend/reply- Attachment
pathfor local files, orbuffer+filenamefor base64
If the user is vague ("text my mom"), ask for the recipient handle or chat guid and the exact message content.
Actions
Send a message
{
"action": "send",
"channel": "bluebubbles",
"target": "+15551234567",
"message": "hello from OpenClaw"
}
React (tapback)
{
"action": "react",
"channel": "bluebubbles",
"target": "+15551234567",
"messageId": "<message-guid>",
"emoji": "❤️"
}
Remove a reaction
{
"action": "react",
"channel": "bluebubbles",
"target": "+15551234567",
"messageId": "<message-guid>",
"emoji": "❤️",
"remove": true
}
Edit a previously sent message
{
"action": "edit",
"channel": "bluebubbles",
"target": "+15551234567",
"messageId": "<message-guid>",
"message": "updated text"
}
Unsend a message
{
"action": "unsend",
"channel": "bluebubbles",
"target": "+15551234567",
"messageId": "<message-guid>"
}
Reply to a specific message
{
"action": "reply",
"channel": "bluebubbles",
"target": "+15551234567",
"replyTo": "<message-guid>",
"message": "replying to that"
}
Send an attachment
{
"action": "sendAttachment",
"channel": "bluebubbles",
"target": "+15551234567",
"path": "/tmp/photo.jpg",
"caption": "here you go"
}
Send with an iMessage effect
{
"action": "sendWithEffect",
"channel": "bluebubbles",
"target": "+15551234567",
"message": "big news",
"effect": "balloons"
}
Notes
- Requires gateway config
channels.bluebubbles(serverUrl/password/webhookPath). - Prefer
chat_guidtargets when you have them (especially for group chats). - BlueBubbles supports rich actions, but some are macOS-version dependent (for example, edit may be broken on macOS 26 Tahoe).
- The gateway may expose both short and full message ids; full ids are more durable across restarts.
- Developer reference for the underlying plugin lives in
extensions/bluebubbles/README.md.
Ideas to try
- React with a tapback to acknowledge a request.
- Reply in-thread when a user references a specific message.
- Send a file attachment with a short caption.
Guardrails
- Use local or trusted tools only; avoid untrusted install pipelines.
- Do not paste secrets/tokens into chat output.
- Keep outputs in deterministic local paths for reproducible review.
Related Skills
grtninja/white-hat
tools
VerifiedTrustedCommunity
Run a defender-first security sweep on code, configs, prompts, model/tooling surfaces, or third-party contribution lanes. Use when a request involves safe bug, leak, zero-day-class, exploit, or hack hunting for protection, when contributing to outside repositories and you want a focused security pass, or when touching auth, secrets, permissions, network exposure, prompt/tool boundaries, data flow, or update/build surfaces. This skill is defensive only and must never be used for weaponization or unauthorized access.
2SKILL.mdUpdated Apr 22, 2026
grtninja/vrm-sandbox-startup-acceptance
development
VerifiedTrustedCommunity
Validate and repair VRM Sandbox startup acceptance with shim-first local model authority, frontend/backend bring-up, and avatar-runtime launch proof. Use when launch behavior, chat handoff, voice fallback, or runtime bridge acceptance must be verified end to end.
2SKILL.mdUpdated Apr 22, 2026
grtninja/voice-catalog-runtime-alignment
documentation
VerifiedTrustedCommunity
Align documented voice-command catalogs, endpoint action allowances, and live runtime handlers so operator-visible voice surfaces match what the stack can actually execute. Use when voice command docs, parser matrices, endpoint permissions, or runtime action routing drift apart.
2SKILL.mdUpdated Apr 22, 2026
grtninja/skillhub-trend-radar
development
VerifiedTrustedCommunity
Track SkillHub trend and topic drift, maintain a bounded rewrite watchlist, and surface emerging gaps worth turning into repo-owned skills. Use when the marketplace query set shows new families or when the current shortlist has gone stale.
2SKILL.mdUpdated Apr 22, 2026