Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Poke Bridge
v0.6.5Send SMS/iMessage to the user via Poke and process inbound Poke events. Use when the user asks to be texted, for SMS-based alerts, when processing events for...
⭐ 0· 64·0 current·0 all-time
by@g9pedro
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with the instructions: the SKILL.md details connecting an OpenClaw agent to a Poke relay, running an MCP server, and sending/receiving SMS. Requiring access to openclaw.json (gateway ports/tokens) and running a tunnel/service is coherent with that purpose.
Instruction Scope
Instructions go beyond simple configuration: they read/write openclaw.json, create and enable systemd services, invoke global npm installs and npx setup, and explicitly patch binaries and node_modules via sed. The binary/library patching is broad, invasive, and modifies installed code on disk — scope creep relative to a purely messaging bridge.
Install Mechanism
There is no registry install spec recorded; instead the SKILL.md instructs the operator to run `npm install -g openclaw-poke` and `npx openclaw-poke setup`. Pulling and running an unverified npm package is moderate risk. The included sed-based patches that alter CLI and SDK files are high risk because they edit installed artifacts in-place.
Credentials
The skill declares no required env vars, which matches the metadata. It does rely on reading/writing openclaw.json and on obtaining a Poke API key or OAuth. Access to openclaw.json may expose gateway/hook tokens; that is relevant to operation but should be reviewed before granting.
Persistence & Privilege
The setup creates persistent user systemd services and a long-running tunnel process, giving ongoing presence on the host. While expected for a tunnel, combined with in-place binary and module patches this grants substantial persistent modification of the environment and warrants caution.
What to consider before installing
Before installing or running these instructions: 1) Inspect the openclaw-poke npm package source (or run it in an isolated VM/container) — do not blindly run global npm installs from unknown publishers. 2) Backup any files the guide will modify (openclaw.json, the poke binary, node_modules) and verify the sed replacement strings are correct; consider asking the maintainer for an official fix rather than patching binary files. 3) Prefer OAuth rather than pasting API keys when possible, and review what data in openclaw.json will be read/written (it may contain bearer tokens). 4) Review the systemd unit content before enabling it; running a persistent service is expected but increases exposure. 5) If you cannot validate the npm package and the patch steps, consider using the alternative manual registration with a secure tunnel provider (Tailscale/ngrok) or ask for an audited release. 6) If you proceed, run the setup with least privilege (user-level, not root) and monitor changes (file diffs, service activation).Like a lobster shell, security has layers — review code before you run it.
latestvk9700cdy1r85cwh09g3yc8ygrd838m02
License
MIT-0
Free to use, modify, and redistribute. No attribution required.