Telnyx SMS/MMS Channel
Security checks across malware telemetry and agentic risk
Overview
This looks like a real Telnyx SMS plugin, but its allowlist behavior can unintentionally let anyone who knows the phone number reach the assistant when the allowlist is empty.
Before installing, set webhookPublicKey and explicit allowFrom phone numbers; do not leave the allowlist empty unless you are comfortable with anyone texting the number. Verify the package identity if installing manually, monitor Telnyx usage, and remember that SMS/MMS content may be stored in agent conversation context.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you leave allowFrom empty, anyone who can text the Telnyx number may interact with the assistant, potentially prompting replies, causing SMS costs, or reaching command-capable workflows.
In allowlist mode, an empty allowFrom list permits every sender instead of rejecting or gating them, and inbound SMS context is marked command-authorized before dispatch.
const isAllowed = allowFrom.length === 0 || allowFrom.some((entry) => { ... }); ... CommandAuthorized: true
Configure explicit allowed phone numbers before exposing the number, and update the implementation so empty allowlists deny or gate by default while only ["*"] allows everyone.
Users may believe the default allowlist setting blocks unknown numbers when it can actually allow them.
The UI schema tells users that "*" is the explicit allow-all setting and shows an empty default, but the runtime code allows all senders when the list is empty.
"description": "Phone numbers allowed to message (E.164 format). Use \"*\" to allow all. Only applies when dmPolicy is \"allowlist\".", ... "default": []
Align documentation, UI schema, and runtime behavior; warn users clearly if an empty allowlist is intended to mean open access.
A user following the README outside ClawHub could install a package identity that is not obviously the same as the reviewed artifact.
The manual install instruction names a scoped npm package, while package.json declares the package name as "openclaw-channel-telnyx-sms".
npm install @pcplayground/openclaw-channel-telnyx-sms
Install through the trusted ClawHub flow or verify the npm package name, publisher, version, and repository before manual installation.
The assistant can send messages from your Telnyx number, which may incur charges or affect account reputation.
The plugin uses the configured Telnyx API key to send SMS/MMS messages through the Telnyx Messages API, which is expected for this channel.
Authorization: `Bearer ${account.config.apiKey}` ... fetch(`${TELNYX_API_BASE}/messages`, { method: "POST"
Store the Telnyx key securely, use the least-privileged key Telnyx supports, monitor usage/billing, and keep outbound access limited to trusted workflows.
Private SMS/MMS content may be retained in conversation context and influence later assistant responses.
Inbound SMS text and MMS media URLs are passed into the agent context and recorded for session continuity.
BodyForAgent: bodyText, ... MediaUrls: mediaPaths.length > 0 ? mediaPaths : void 0, ... await recordInboundSession({ storePath, sessionKey: ... ctx: ctxPayload })
Use a tight allowlist, configure session retention/history appropriately, and avoid sending sensitive data through the SMS channel unless you expect it to enter the agent context.
