ClawHub

openclaw message cli skill

v1.0.0

Use when the user explicitly wants to send outbound messages with the OpenClaw CLI rather than built-in tools, especially for `openclaw message send` command...

0· 146·0 current·0 all-time
byLEO@leoustc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name, description, and SKILL.md all focus on running 'openclaw message send' which is coherent. Minor inconsistency: registry metadata lists no required binaries or credentials, yet the instructions clearly assume the OpenClaw CLI is installed and authenticated on the host.
Instruction Scope
SKILL.md contains only targeted instructions for invoking the CLI and lists reasonable checks (verify channel, target format, quote message). It does not instruct reading unrelated files, exfiltrating data, or contacting unexpected endpoints.
Install Mechanism
No install spec and no code files — lowest-risk, instruction-only surface. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required env vars or config paths, but practical use will require the OpenClaw CLI and whatever authentication it needs (CLI-installed credentials, tokens, or config files). The skill does not document or declare these dependencies in metadata.
Persistence & Privilege
always is false and there is no install or persistent footprint. disable-model-invocation is false (default), meaning the agent could invoke the skill autonomously — this is normal platform behavior and is not by itself a red flag.
Assessment
This skill is an instruction-only helper for running the OpenClaw CLI to send messages and appears internally consistent. Before installing or enabling it, ensure you actually want agent-driven CLI messaging: verify the OpenClaw CLI is installed and authenticated on the host (the skill metadata does not declare that dependency), and be careful about automated sends to real recipients or sending sensitive data. If you do not want the agent to ever send messages autonomously, consider disabling autonomous invocation (set disable-model-invocation to true) or only enable the skill when you explicitly request CLI-based sends.

Like a lobster shell, security has layers — review code before you run it.

latestvk97deszvrbc1hjdaar07a8yzg58365zt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments