iMCP: why it is not safe to use
iMCP is a reputable, sandboxed open-source app, but by design it forwards your Messages, Contacts, Calendar and Reminders to the connected AI client.
What we found
iMCP (mattt/iMCP) is open-source Swift from a well-known developer, with no hidden or obfuscated code, no hardcoded secrets, and no shell or destructive commands. It runs in the macOS App Sandbox, uses Apple's native permission dialogs, and asks for per-client trust before connecting. Write actions are limited to creating calendar events and reminders, each gated by an Apple prompt.
Our two cautions are about data flow, not app behavior. First, the app reads your personal data and, by design, hands your Messages, Contacts, Calendar and Reminders to the connected AI client, which sends that content off-device as part of tool calls. The README states this plainly, and nothing is stored by the app itself. Second, because tool results return raw iMessage, contact and reminder text, a malicious message already in your inbox could carry instructions the AI client then acts on. This is inherent to any personal-data reader, not something iMCP introduces.
What to do instead
Connect it only to an AI client you trust with private data, and understand that client's retention policy. Prefer a local or privacy-respecting model, grant the narrowest Apple permissions you need, and stay alert to instructions arriving through your own messages.
Source: https://github.com/mattt/iMCP
We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.