CMI CPaaS - SMS Sender

Security checks across malware telemetry and agentic risk

Overview

The skill appears to send SMS as advertised, but it can send bulk real-world messages using sensitive account credentials without a required confirmation step, and it bypasses configured proxies.

Install only if you trust the CloudSMS provider and the skill publisher, and use it with a strict manual review step before every send. Confirm the exact recipients, message body, signature, and recipient count, avoid unsolicited or sensitive messages, and provide the Auth Key only through a protected secret mechanism when possible. Be aware that this script disables configured proxies before contacting the SMS API.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation condition is broadly defined as any request to send SMS, with no explicit restrictions on authorized use cases, consent, premium numbers, high-risk content, or anti-abuse checks. In practice this can cause the agent to assist with sending messages in situations involving spam, harassment, social engineering, or unintended mass messaging, especially because the skill supports bulk sending to up to 100 recipients.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill describes sending SMS through an external CloudSMS API but does not clearly warn that recipient phone numbers, message bodies, and optional signatures will be transmitted to a third-party service. This creates a privacy and data-handling risk because users may disclose personal data or confidential content without informed consent or awareness of external processing.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill asks users to provide a Channel ID and Auth Key but gives no warning that these are secrets that must be handled carefully. If users paste credentials into ordinary chat flows or logs, those secrets could be exposed and reused for unauthorized SMS sending, account abuse, billing fraud, or lateral compromise of the messaging account.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script sends bulk SMS content and recipient phone numbers to an external SMS gateway with no in-code confirmation, authorization check, rate limiting, or recipient-consent safeguards. In an agent/skill context, this can enable unauthorized mass messaging, privacy violations, and financial abuse if invoked with attacker-controlled inputs or exposed credentials.

External Transmission

Medium
Category
Data Exfiltration
Content
payload["uip_body"]["ORIGINAL_ADDR"] = original_addr

    try:
        response = requests.post(API_URL, json=payload, timeout=30)
        result = response.json()

        uip_head = result.get("uip_head", {})
Confidence
95% confidence
Finding
requests.post(API_URL, json=

VirusTotal

VirusTotal findings are pending for this skill version.
