ClawHub

GetPost SMS API

v1.0.0

Send and receive SMS messages via API. Shared or dedicated numbers.

0· 151·0 current·0 all-time
bydomm@dommholland
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description align with the curl-based API examples in SKILL.md that show sending, reading, and provisioning numbers on https://getpost.dev. There are no unrelated binaries, services, or credentials requested.
Instruction Scope
Instructions are limited to calling the provider's API (signup, send, inbox, provision numbers, webhook registration). They do not ask the agent to read local files or unrelated environment variables. Note: webhook usage means inbound SMS content will be POSTed to whatever endpoint you register—treat that endpoint as sensitive.
Install Mechanism
No install spec or code files — instruction-only skill. Low install risk because nothing is written to disk or fetched at install time.
Credentials
SKILL.md expects an API key (Bearer gp_live_...) but the skill metadata does not declare a required credential or env var. This is plausible (user supplies the key at runtime) but the lack of a declared primary credential means the agent or user must provide the key manually; treat API keys as sensitive secrets.
Persistence & Privilege
always is false and there are no install steps that modify agent/system config. The skill does not request persistent privileges or access to other skills' configs.
Assessment
This skill appears to do what it says: call getpost.dev to send/receive SMS. Before installing or using it: 1) Verify you trust getpost.dev (check the provider/site). 2) Provide the API key only via a secure mechanism (environment variable or secret store), and do not paste it into public chats. 3) Expect per-message costs (the doc mentions 5 credits/SMS) — monitor usage. 4) If you register a webhook, ensure the endpoint authenticates incoming requests and does not expose sensitive data; restrict/validate source IPs or use signatures if supported. 5) For privacy, prefer dedicated numbers for production use. 6) Check legal/compliance implications for sending SMS (consent, spam rules). 7) Note that SKILL.md doesn't declare a required credential — be prepared to supply the API key when prompted. If you need higher assurance, ask for the provider's official homepage/documentation or a signed maintainer identity before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk9781rk2n3rj2xjzg9pr05gwe9837mf0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments