iMessage MCP plugin forwards all permission prompts as outbound text messages to recipients

Resolved 💬 3 comments Opened Mar 26, 2026 by simpsondesign Closed Mar 30, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Details:

  • The iMessage MCP plugin broadcasts every Claude Code permission prompt (tool calls, bash commands, file reads) as actual text messages to the active chat recipient
  • This includes internal tool descriptions, command arguments, and permission codes
  • The recipient sees all internal Claude Code activity as SMS/RCS messages
  • This is a serious privacy and security issue — internal tool calls, file paths, and command arguments are being leaked to external contacts

What Should Happen?

Sensitive data, bash commands, tool calls, etc should never be transmitted in a message...

Error Messages/Logs

Steps to Reproduce

  1. Install the iMessage MCP plugin for Claude Code
  2. Configure it with an allowlisted contact
  3. Receive an inbound iMessage from that contact
  4. Use the reply tool to send a response
  5. Use any other tool (Bash, Glob, Read, Agent, etc.) while the chat is active

Claude Model

Opus

Is this a regression?

No, this never worked

Last Working Version

_No response_

Claude Code Version

2.1.84

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

VS Code integrated terminal

Additional Information

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗