rcs-message

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: rcs-message
Version: 1.0.5

The skill bundle provides a legitimate integration for sending RCS and SMS messages via the Fontdo 5G messaging platform (5g.fontdo.com). It features robust input validation, rate limiting (60-second intervals), and privacy protection utilities in `privacy_protect.py` to mask sensitive data in logs. While it stores API credentials in the user's home directory (`~/.config/moltbot/`), this is a standard practice for persistent CLI/agent authentication and shows no evidence of malicious intent or unauthorized data exfiltration.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A crafted or malformed session ID could place APP_SECRET credentials in an unintended file or overwrite a file the agent account can write.

Why it was flagged

The session ID argument is used directly as a credential filename. Values containing path separators or absolute paths could cause credentials to be read from or written outside the intended config directory.

Skill content

parser.add_argument("--session-id", default="default"...); return config_dir / f"{session_id}.json"; ... json.dump(credentials, f)

Recommendation

Sanitize or hash session IDs before using them in paths, reject path separators and absolute paths, and ensure credential writes stay inside one fixed directory.

What this means

The messaging account secret may remain on disk and could be reused by anyone or anything with access to that local file, enabling messages to be sent through the user's provider account.

Why it was flagged

The skill saves provider API credentials, including the APP_SECRET, as local JSON for later reuse, while the registry metadata declares no primary credential or required environment variables.

Skill content

credentials = {"app_id": app_id, "app_secret": app_secret} ... with open(credential_file, 'w') as f: json.dump(credentials, f)

Recommendation

Declare the credential requirement in metadata, use a platform or OS secret store where possible, make persistence opt-in, document the exact file path, and provide a clear credential-removal command.

What this means

A mistaken prompt or recipient list could send unwanted SMS/RCS messages and may create cost, compliance, or reputation issues.

Why it was flagged

The skill can send messages to up to 100 phone numbers per request. This is purpose-aligned and rate-limited, but it is still a high-impact external action.

Skill content

MAX_PHONE_NUMBERS = 100 ... payload = {"templateType": message_type, "numbers": validated_numbers} ... requests.post(url, json=payload, headers=headers, timeout=30)

Recommendation

Verify recipient numbers and message content before sending; prefer dry-run or an explicit confirmation step for bulk sends.

What this means

The provider receives recipient numbers, message text or template data, and account-identifying headers.

Why it was flagged

Recipient phone numbers and message content are sent to the disclosed external messaging provider. This is expected for the skill, but it is sensitive data flow.

Skill content

SERVER_ROOT = "https://5g.fontdo.com" ... requests.post(url, json=payload, headers=headers, timeout=30)

Recommendation

Use only with recipients and content appropriate for that provider, and verify the provider's privacy, compliance, and retention terms.

What this means

Users may have to install dependencies manually, and dependency versions are not pinned by the provided artifacts.

Why it was flagged

The skill documents Python package requirements, but the registry says there is no install spec and no required binaries/env vars. This is an incomplete setup/provenance declaration rather than evidence of malicious behavior.

Skill content

Requirements:
- Python 3.6 or higher
- requests library
- python-dotenv library (optional)

Recommendation

Provide an install spec or lockfile, declare runtime and environment requirements in metadata, and pin dependency versions where practical.