SMS Gateway
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the agent can send a text message to an allowlisted phone number, which may incur carrier costs or contact someone as the user.
The script sends real SMS messages through the configured gateway API. This matches the skill purpose and is constrained by an allowlist, but it is still an external communication action.
-X POST "${SMS_GATEWAY_URL}/api/v1/sms/send"
Keep the allowlist small and review the exact recipient and message body before asking the agent to send texts.
Checking the inbox can change message status, so messages may no longer appear unread afterward.
After displaying unread messages, the receive script marks them as read. SKILL.md also discloses this behavior.
curl -s -X PUT "${SMS_GATEWAY_URL}/api/v1/sms/${ID}/read"
Only run inbox checks when marking displayed unread messages as read is acceptable, or add a no-mark-read option if that workflow is needed.
Anyone with the gateway API key could potentially send or read SMS through the configured gateway.
The scripts require an API key for the SMS Gateway and later send it in the X-API-Key header. This is expected for the integration, and the artifacts do not show leakage to unrelated destinations.
SMS_GATEWAY_API_KEY="${SMS_GATEWAY_API_KEY:-}"
Store the .env file securely, restrict file permissions, rotate the key if exposed, and prefer binding the gateway to localhost or a trusted network.
Following the setup gives the remote installer root-level authority on the device and installs a persistent service.
The documented gateway setup pulls an unpinned remote script from GitHub and runs it with sudo. It is a disclosed, user-directed prerequisite, but the installer code is outside the supplied artifacts.
curl -fsSL https://raw.githubusercontent.com/mattboston/sms-gateway/main/install.sh | sudo bash
Inspect the install script first, prefer a pinned release or manual install, and run the gateway on a dedicated or low-risk machine where possible.
Private SMS content may be shown to the agent, and message text from other people could contain instructions or misleading content.
Inbound SMS bodies and phone numbers are brought into the agent's context. The default allowlist reduces exposure, but the -a option can include non-allowlisted senders.
The script displays each message with its timestamp, sender number, status, body, and ID.
Treat SMS bodies as untrusted external text, avoid using the -a option unless needed, and do not let received messages override the user's instructions without confirmation.
