Didit Phone Verification
v1.3.0
Integrate Didit Phone Verification standalone API to verify phone numbers via OTP. Use when the user wants to verify phones, send SMS or WhatsApp or Telegram...
by Didit @rosasalberto
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required credential (DIDIT_API_KEY), endpoints (verification.didit.me, apx.didit.me), and included helper script all align with a phone verification integration. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md confines actions to Didit endpoints and describes sending optional fraud signals (ip, device_id, user_agent). These signals are optional but could include user-sensitive metadata if populated — the skill does not instruct collecting system files or unrelated secrets. The SKILL.md also documents a programmatic registration flow that requires an email and OTP; exercising that flow would involve external email handling which is outside the skill and should be done carefully.
Install Mechanism
No install spec (instruction-only) which minimizes risk. Included script depends on the Python 'requests' package but no dependency list is declared — callers must ensure runtime has 'requests' available. No downloads from untrusted URLs are present.
Credentials
Only one environment variable (DIDIT_API_KEY) is required and is appropriate for an API integration. No additional unrelated secrets or config paths are requested.
Persistence & Privilege
always:false (default) and no claims of modifying other skills or system-wide settings. The skill does not request elevated or persistent privileges.
Assessment
This skill appears to do what it says: it calls Didit's phone verification APIs and needs only DIDIT_API_KEY. Before installing, verify the Didit endpoints/doc links are legitimate for your organization, keep the DIDIT_API_KEY secret, and confirm any billing implications (sending SMS/WhatsApp costs credits). If you plan to run the included Python script, ensure the runtime has the 'requests' package and that your agent won't accidentally include the API key in logs or transcripts. Be cautious about populating optional fraud signals (IP, device_id, user_agent) because they contain user-sensitive metadata. If you need stronger assurance, ask the publisher for their official homepage/source repository (the registry metadata lists no homepage while SKILL.md references docs.didit.me).
Like a lobster shell, security has layers — review code before you run it.
latest vk97fjj5tywh88pqypfnsrntzgh827fv2
Runtime requirements
📱 Clawdis
Env: DIDIT_API_KEY
Primary env: DIDIT_API_KEY
