AI SMS Sending Tool
Pass. Audited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill
Name: sms-send
Version: 1.0.0
The skill bundle provides a legitimate integration with the Chuanglan (创蓝) SMS platform. The core logic in `send-sms.sh` uses standard tools (curl, jq) to interact with the official API endpoint (smssh.253.com) using user-provided credentials, and there are no signs of data exfiltration, malicious execution, or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overly broad agent invocation could send paid SMS messages to many recipients, causing cost, privacy, or reputation impact.
The skill exposes a command that sends real SMS messages and documents bulk sending up to 1000 recipients, but the artifacts do not include confirmation, preview, rate-limit, spend-limit, or recipient-validation guidance.
    sms-send --phone <手机号> --template <模板ID> [--vars '<变量JSON>']
    (for bulk sending, separate multiple phone numbers with commas; at most 1000)
Require explicit user confirmation before every send, add a preview of recipients/template/variables, cap bulk recipient counts by default, and use account quotas or test credentials.

If the environment is misconfigured or influenced, the SMS account password could be sent to an unintended endpoint; local process listings or logs may also expose the request body while curl runs.
The API password is embedded in the request body, the destination URL can be overridden by an undocumented environment variable, and the body is supplied to curl as a command-line argument.
    : "${CHANGLAN_API_URL:=https://smssh.253.com/msg/sms/v2/tpl/send}"
    ...
    "password": "${CHANGLAN_PASSWORD}"
    ...
    curl ... -d "${request_body}"
Pin or validate the official HTTPS API host, document any endpoint override, send the request body via stdin or a protected temporary file, and use a dedicated low-quota Chuanglan account with IP whitelist controls.

This is normal local configuration plumbing, but a tampered or untrusted .env file could run commands when the SMS command is used.
The script loads .env with shell source, which executes shell syntax in that file rather than only parsing key/value credentials.
    if [[ -f "$ENV_FILE" ]]; then source "$ENV_FILE"; fi
Prefer OpenClaw secret storage or environment variables; if .env is used, keep it private and parse it as data rather than sourcing it as shell code.

Phone numbers and message-template variables will be shared with the SMS provider as part of sending messages.
Recipient phone numbers, template IDs, and template variables are sent to the Chuanglan SMS provider API, which is expected for this skill but is still a third-party data flow.
    "phoneNumbers": "${phone}", "templateId": "${template}"
    ...
    curl -s -m 30 -X POST "${CHANGLAN_API_URL}"
Only send numbers and variables the user has approved, ensure recipient consent/compliance, and keep provider/account access limited to this purpose.
