ClawHub

retarus-sms4a

v1.0.0

Send SMS jobs and check SMS delivery status through the Retarus SMS for Applications REST API. Use when Codex or OpenClaw needs to create SMS jobs, inspect p...

0· 82·0 current·0 all-time
by@aeggerd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md, reference doc, and helper script all align: the code calls Retarus REST endpoints and offers send/status/version actions one would expect for an SMS API helper.
Instruction Scope
Runtime instructions and the script focus on assembling payloads, reading credentials from env or a local secret file, and calling the listed Retarus hostnames. The instructions do not ask for unrelated files, broad system scans, or external endpoints beyond the Retarus domains documented in references/api.md.
Install Mechanism
No install spec — instruction-only with a helper script. Nothing is downloaded or written by an installer, so there is no hidden install risk from the registry metadata.
Credentials
The skill reasonably requires credentials (username/password or secret file). Registry metadata lists no required env vars, but SKILL.md and the script document the optional RETARUS_SMS4A_USERNAME/RETARUS_SMS4A_PASSWORD and RETARUS_SMS4A_SECRET_FILE and default local secret paths. This is proportionate, but the metadata/manifest could be more explicit about credential inputs.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. It does not attempt to modify other skills or system-wide config; it only reads secrets from standard local paths when present.
Assessment
This skill looks coherent for interacting with Retarus SMS4A. Before installing, verify you are comfortable granting it network egress to the listed Retarus domains (sms4a.de1.retarus.com, sms4a.de2.retarus.com, sms4a.eu.retarus.com). Provide credentials via a secrets store or a file with tight permissions rather than embedding them in code or command history. Note the registry metadata doesn't explicitly list the optional RETARUS_SMS4A_USERNAME / RETARUS_SMS4A_PASSWORD variables even though the SKILL.md and script use them — this is benign but worth being aware of. If you operate in a constrained environment, consider auditing the script locally (it is included) and applying network egress controls so it can only reach the Retarus hostnames.

Like a lobster shell, security has layers — review code before you run it.

latestvk974p2te52qjb5dd6916wztnrd839hsk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments