← Back to Skills Marketplace
Unbridled
by
Jérémie Kalfon
· GitHub ↗
· v0.2.2
· MIT-0
132
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install unbridled
Description
Send and read messages on Facebook Messenger, WhatsApp, Instagram, LinkedIn, Twitter/X, Signal, Telegram, Discord and other networks through a Beeper account...
Usage Guidance
This skill appears to do what it says (use your Beeper account as a unified API) but it requires highly sensitive secrets: the Beeper Recovery Key (full account recovery and decryption of message history) and the bbctl access token (API access). If you install it, you will be asked to store those secrets on the agent host (plaintext file and bbctl config) and to run an optional systemd user daemon that continuously syncs keys and messages. Before installing, consider:
- Only install on a host you fully control and trust (use an isolated VM/container or a dedicated agent user).
- Understand that the recovery key + bbctl token = read+write access to all bridged networks (inbox history + sending). Treat them like root passwords. If leaked, rotate/regenerate the recovery key from Beeper Desktop and revoke the device.
- If you only need to send messages and can accept not reading history, skip importing the recovery key and decline installing the sync daemon — functionality will be reduced but risk is lower.
- Verify the scripts yourself (they are provided) and inspect any changes before running. The install steps download bbctl from the project's GitHub releases and pip packages from PyPI — standard but run them in a controlled environment if you're cautious.
- Audit and cleanup steps are provided in the README; after testing you can remove ~/.local/share/clawd-matrix, ~/.config/bbctl, and the recovery key file to revoke local access. Keep an eye on the user systemd unit and logs (journalctl --user -u clawd-beeper-sync).
The skill is coherent with its purpose, but because it requires full decryption keys, treat it as high-trust and follow the precautions above.
Capability Analysis
Type: OpenClaw Skill
Name: unbridled
Version: 0.2.2
The skill provides unified access to a user's Beeper/Matrix messaging accounts, including E2EE networks like WhatsApp and Messenger. It requires the user to store their master Beeper Recovery Key in a local file (~/.secrets/beeper-recovery-key.txt) and uses it to bootstrap cross-signing and decrypt historical message backups (scripts/bootstrap_crosssign.py and scripts/import_key_backup.py). While the code appears well-documented, follows the Matrix specification (including handling known libolm implementation quirks), and includes safety instructions for the AI agent, the inherent high-risk nature of automating access to a master recovery key and all private communications across multiple platforms warrants a suspicious classification under the provided criteria.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description match what the code and SKILL.md do: they use a Beeper per-user Matrix homeserver to send/read bridged networks and to bootstrap cross-signing and import the Megolm key backup. One inconsistency: the registry metadata lists no required env vars or config paths, but the runtime instructions and code rely on user files (~/.config/bbctl/config.json, ~/.secrets/beeper-recovery-key.txt, ~/.local/share/clawd-matrix/). This is explainable (instruction-only skill) but worth noting.
Instruction Scope
SKILL.md and scripts explicitly instruct the agent/installer to (a) store the Beeper recovery key in ~/.secrets, (b) run bbctl login (which populates ~/.config/bbctl/config.json), (c) run bootstrapping/import scripts, and (d) optionally install a systemd user daemon for continuous sync. All of these actions are within the stated purpose (establish trust, decrypt history, and maintain Megolm sessions). The instructions do require writing and reading highly sensitive files (the recovery key and bbctl token) — this is necessary for full functionality but is a sensitive operation the user must accept explicitly.
Install Mechanism
Install steps are conventional: download the official bbctl binary from the project's GitHub releases, apt/brew for libolm and ffmpeg, and create a Python venv to pip-install matrix-nio[e2e] and crypto deps. No obfuscated or unusual remote hosts are used; archives are not pulled from arbitrary personal servers. The skill is instruction-only in the registry (no automatic installer), but an included install.sh automates the same steps.
Credentials
The skill requires access to two very powerful secrets: the bbctl access token (stored in ~/.config/bbctl/config.json) and the Beeper Recovery Key (explicitly stored in ~/.secrets/beeper-recovery-key.txt). Those are exactly the credentials needed to read and send messages and to import full Megolm backups — which is coherent with the purpose, but the sensitivity is high. The registry did not declare these config paths/credentials as required, so the user may not expect the level of secret access requested. The scripts also create persistent local key stores (~/.local/share/clawd-matrix).
Persistence & Privilege
The package installs (via provided scripts) a user-level systemd service (clawd-beeper-sync) to run a long‑running sync daemon that consumes to_device events and maintains Megolm sessions. The skill is not marked always:true; it does not request platform-global privileges, but the daemon combined with stored secrets gives ongoing access to inbound keys and the ability to decrypt future messages. This persistence increases blast radius and should be judged deliberately.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install unbridled - After installation, invoke the skill by name or use
/unbridled - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.2
Fix packaged skill path resolution in collect_beeper_daily.py after validating the published layout; keep the recent-history over-fetch fix and updated docs.
v0.2.1
Fix false decryption-unavailable reports by over-fetching recent history in the digest collector; document the raw-event-count pitfall; publish the chat search helper in the skill docs.
v0.3.0
better name
v0.2.0
key backup import
Metadata
Frequently Asked Questions
What is Unbridled?
Send and read messages on Facebook Messenger, WhatsApp, Instagram, LinkedIn, Twitter/X, Signal, Telegram, Discord and other networks through a Beeper account... It is an AI Agent Skill for Claude Code / OpenClaw, with 132 downloads so far.
How do I install Unbridled?
Run "/install unbridled" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Unbridled free?
Yes, Unbridled is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Unbridled support?
Unbridled is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Unbridled?
It is built and maintained by Jérémie Kalfon (@jkobject); the current version is v0.2.2.
More Skills