Skill v2.0.0

ClawScan security

Android SMS Gateway · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Feb 23, 2026, 4:37 AM)
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's scripts and runtime instructions match an Android SMS-gateway purpose, but the package/registry metadata fails to declare the sensitive environment variables and credentials the scripts actually require; provenance is unclear.
Guidance
Before installing or using this skill:
- Treat this as code that will run curl requests with your gateway credentials. Review and store your SMS gateway token/username/password securely (the skill expects SMS_GATEWAY_URL and SMS_GATEWAY_TOKEN or SMS_GATEWAY_USER/SMS_GATEWAY_PASS).
- The registry metadata omits these required env vars; don't assume the platform will protect or inject them for you. Provide secrets only after you've verified the code and provenance.
- Check verbose logs: several scripts log full JSON payloads in verbose mode (including phone lists and message bodies) and may echo payloads during dry-run; avoid enabling verbose on systems where logs are monitored or retained.
- Cloud mode uses https://api.sms-gate.app/3rdparty/v1 (external service). If you plan to use cloud mode, understand that credentials and messages will transit, and possibly be stored by, that cloud service; prefer local or private-server mode if you need tighter control.
- Validate webhook targets: register_webhook_capcom6.sh will register arbitrary public URLs. Only register webhooks you control, and enforce TLS and authentication on the receiver to avoid leaking incoming messages to third parties.
- Confirm tooling availability: scripts use curl and optionally jq. Ensure your environment has these tools and that their behavior/versions are acceptable.
- Verify provenance: package.json points to a GitHub repo, but the skill owner is anonymous and no homepage is provided. If you need high assurance, fetch the upstream repo releases yourself, compare code, and only run scripts from sources you trust.

If you want, I can also:
- Highlight exactly which lines in each script print request payloads or could leak tokens.
- Produce a minimally modified, safer wrapper that avoids printing payloads and enforces TLS and stricter config handling.
Overall verdict rationale: The functionality is coherent with its stated purpose, but the missing declaration of required credentials and small logging/privacy issues make this package suspicious until provenance and config handling are confirmed.

Review Dimensions

Purpose & Capability
Status: note
The skill name and description (self-hosted SMS via Android HTTP API) align with the included scripts and docs: send/receive/status/bulk/webhook operations are implemented for several gateway apps. However, the registry metadata declares no required environment variables or primary credential, even though the SKILL.md and scripts require API tokens or username/password and a gateway URL. That metadata omission is an inconsistency (likely sloppy but meaningful).
Instruction Scope
Status: note
SKILL.md and scripts stick to the stated purpose: they call the Android gateway endpoints, register webhooks, poll messages, and send SMS. The instructions tell users to store tokens in files and show how to register webhooks (including example use of webhook.test services). Minor concerns: verbose logging prints request payloads (some scripts call log_verbose with the full JSON payload), which could expose secrets if a user enables verbose mode; scripts read recipient files and config files (e.g., ~/.openclaw/sms-gateway.json), so users should avoid pointing recipients to sensitive system files. Overall behavior matches the claimed scope.
Install Mechanism
Status: ok
This is instruction-only with bundled shell scripts; there is no install step that fetches remote code. No external download URLs or extract/install behavior in the skill bundle itself. Scripts do assume common tools (curl, date, sleep, jq optional) but the registry didn't list binaries; this is not a high-risk install mechanism, but the missing tool requirements are a documentation gap.
Credentials
Status: concern
High concern: the registry metadata lists no required environment variables or primary credential, but SKILL.md and the scripts rely on secrets and config (SMS_GATEWAY_URL, SMS_GATEWAY_TOKEN or SMS_GATEWAY_USER/SMS_GATEWAY_PASS, config files under ~/.openclaw, etc.). The skill also references an optional cloud endpoint (https://api.sms-gate.app/3rdparty/v1); using cloud mode would send credentials to an external service. The omission of these env var requirements in the registry is a mismatch that reduces transparency and could lead to accidental exposure or misuse.
Persistence & Privilege
Status: ok
No elevated platform privileges requested: always:false, no install hooks that alter other skills or system-wide settings. The skill files are scripts that will live in the skill bundle only. Autonomous invocation is enabled by default, but that is normal for skills and not by itself a concern here.