rcs-message
Review
Audited by ClawScan on May 10, 2026.
Overview
This skill mostly matches its SMS/RCS sending purpose, but it under-declares its credential requirements, persistently stores API secrets on disk, and builds its session-file path unsafely, so credentials could be written outside the intended folder.
Install only if you trust the messaging provider and are comfortable with APP_ID/APP_SECRET credentials being stored locally. Verify all recipient numbers and message content before sending, avoid unusual session IDs, and remove saved credential files when no longer needed.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted or malformed session ID could place APP_SECRET credentials in an unintended file or overwrite a file the agent account can write.
The session ID argument is used directly as a credential filename. Values containing path separators or absolute paths could cause credentials to be read from or written outside the intended config directory.
parser.add_argument("--session-id", default="default"...); return config_dir / f"{session_id}.json"; ... json.dump(credentials, f)
Sanitize or hash session IDs before using them in paths, reject path separators and absolute paths, and ensure credential writes stay inside one fixed directory.
The messaging account secret may remain on disk and could be reused by anyone or anything with access to that local file, enabling messages to be sent through the user's provider account.
The skill saves provider API credentials, including the APP_SECRET, as local JSON for later reuse, while the registry metadata declares no primary credential or required environment variables.
credentials = {"app_id": app_id, "app_secret": app_secret} ... with open(credential_file, 'w') as f: json.dump(credentials, f)
Declare the credential requirement in metadata, use a platform or OS secret store where possible, make persistence opt-in, document the exact file path, and provide a clear credential-removal command.
A mistaken prompt or recipient list could send unwanted SMS/RCS messages and may create cost, compliance, or reputation issues.
The skill can send messages to up to 100 phone numbers per request. This is purpose-aligned and rate-limited, but it is still a high-impact external action.
MAX_PHONE_NUMBERS = 100 ... payload = {"templateType": message_type, "numbers": validated_numbers} ... requests.post(url, json=payload, headers=headers, timeout=30)
Verify recipient numbers and message content before sending; prefer a dry-run or an explicit confirmation step for bulk sends.
The provider receives recipient numbers, message text or template data, and account-identifying headers.
Recipient phone numbers and message content are sent to the disclosed external messaging provider. This is expected for the skill, but it is sensitive data flow.
SERVER_ROOT = "https://5g.fontdo.com" ... requests.post(url, json=payload, headers=headers, timeout=30)
Use only with recipients and content appropriate for that provider, and verify the provider's privacy, compliance, and retention terms.
Users may have to install dependencies manually, and dependency versions are not pinned by the provided artifacts.
The skill documents Python package requirements, but the registry says there is no install spec and no required binaries/env vars. This is an incomplete setup/provenance declaration rather than evidence of malicious behavior.
Requirements:
- Python 3.6 or higher
- requests library
- python-dotenv library (optional)
Provide an install spec or lockfile, declare runtime and environment requirements in metadata, and pin dependency versions where practical.
