Back to skill
Skillv1.0.1
VirusTotal security
Voipms Sms · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:38 AM
- Hash
- 9ac01eef09533bce240d2dffe82209999fdad508f189ff5055b66b4a3701a1dd
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: voipms-sms Version: 1.0.1 The skill bundle is benign. All files align with the stated purpose of sending and retrieving SMS messages via the VoIP.ms API. The Python scripts (`scripts/get_sms.py`, `scripts/send_sms.py`) correctly read API credentials from environment variables and interact with the official VoIP.ms API endpoint. The `SKILL.md` provides clear instructions and even includes a security best practice recommendation to use a least-privilege sub-account. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, prompt injection against the agent, or obfuscation. The inclusion of API credentials in the URL query string is a minor concern for logging but is a common API interaction pattern and not indicative of malicious intent or a direct vulnerability within the skill's code.
- External report
- View on VirusTotal