iMessage MCP plugin forwards all permission prompts as outbound text messages to recipients
Resolved 💬 3 comments Opened Mar 26, 2026 by simpsondesign Closed Mar 30, 2026
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Details:
- The iMessage MCP plugin broadcasts every Claude Code permission prompt (tool calls, bash commands, file reads) as actual text messages to the active chat recipient
- This includes internal tool descriptions, command arguments, and permission codes
- The recipient sees all internal Claude Code activity as SMS/RCS messages
- This is a serious privacy and security issue — internal tool calls, file paths, and command arguments are being leaked to external contacts
What Should Happen?
Sensitive data, bash commands, tool calls, etc should never be transmitted in a message...
Error Messages/Logs
Steps to Reproduce
- Install the iMessage MCP plugin for Claude Code
- Configure it with an allowlisted contact
- Receive an inbound iMessage from that contact
- Use the reply tool to send a response
- Use any other tool (Bash, Glob, Read, Agent, etc.) while the chat is active
Claude Model
Opus
Is this a regression?
No, this never worked
Last Working Version
_No response_
Claude Code Version
2.1.84
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
VS Code integrated terminal
Additional Information
_No response_
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗