Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Google Messages

Send and receive SMS/RCS via Google Messages web interface (messages.google.com). Use when asked to "send a text", "check texts", "SMS", "text message", "Google Messages", or forward incoming texts to other channels.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 2k · 3 current installs · 4 all-time installs
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability

Name, description, SKILL.md, and required env vars (SMS_NOTIFICATION_TARGET, SMS_NOTIFICATION_CHANNEL) align with sending/receiving SMS and forwarding them via OpenClaw. The required binary (node) and the presence of browser automation/observer scripts are reasonable for this purpose.

Instruction Scope (flagged)

Runtime instructions tell the agent to inject a DOM observer into messages.google.com and run a local webhook to receive previews, which matches the stated purpose. However, the webhook's runtime behavior forwards SMS previews into a shell command (via execSync), meaning incoming SMS text (untrusted user data) is placed into a command line; a malicious or specially crafted SMS could therefore execute arbitrary shell commands as the user running the webhook.

Install Mechanism

No external downloads or remote installers are used; the package is instructions plus Node scripts. There is no install spec that pulls arbitrary code from third-party URLs. This is lower risk than a skill that downloads binaries at install time.

Credentials (flagged)

The skill only requests two environment variables that match its forwarding feature. However, the webhook uses SMS content together with SMS_NOTIFICATION_TARGET and SMS_NOTIFICATION_CHANNEL to build a shell command. Because environment values and SMS previews are interpolated into a shell invocation without robust sanitization, the environment/credential model plus message content is disproportionately risky: untrusted SMS content can be used to inject shell operations.

Persistence & Privilege

The skill is not forced-always and uses an optional user systemd service for persistence; that is reasonable for a local notification agent. It does not request elevated system-wide privileges or modify other skills' configs.
What to consider before installing
This skill generally does what it claims: it injects a browser observer into messages.google.com and runs a local Node webhook that can forward SMS previews to OpenClaw channels. The immediate, serious issue is that the webhook builds a shell command string (using child_process.execSync) that interpolates SMS text and notification-target values; because shell expansion and command substitution still occur inside double quotes, a crafted SMS could execute arbitrary commands as the user running the webhook.

Before installing or running this skill:

  • Do not run the webhook as a high-privilege account. Run it in an isolated, unprivileged user or container.
  • Prefer fixing the code: replace execSync with a safe invocation that avoids a shell (use child_process.spawn or execFile with an args array) or use an OpenClaw API/SDK rather than shelling out. Properly validate/escape all inputs passed to the shell if you cannot avoid shell invocation.
  • If you must use the provided code, at minimum sanitize/whitelist SMS content and validate SMS_NOTIFICATION_TARGET to prevent injection.
  • Consider disabling automatic forwarding until the command-injection issue is addressed, or keep SMS_NOTIFICATION_TARGET unset so notifications are logged only.
  • Review and trust the author/source; if you cannot verify the repository or author, treat this as higher risk.

If you want, I can produce a secure patch that replaces the execSync call with a safe spawn/execFile pattern or adds robust escaping/whitelisting for notification targets and message content.


Current version: v0.1.0
latest: vk97924g50yqn196bz70pzbcar180ayg7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.

Runtime requirements

💬 Clawdis
Bins: node
Env: SMS_NOTIFICATION_TARGET, SMS_NOTIFICATION_CHANNEL

SKILL.md

Google Messages Browser Skill

Automate SMS/RCS messaging via messages.google.com using the browser tool.

Overview

Google Messages for Web allows you to send/receive texts from your Android phone via browser. This skill automates that interface.

Requirements:

  • Android phone with Google Messages app
  • Phone and computer on same network (for initial QR pairing)
  • Browser profile with persistent session (use openclaw or your preferred profile)

Note: Replace profile=openclaw in examples with your preferred browser profile if different.


Quick Reference

Action | Command
Open pairing page | browser action=open profile=openclaw targetUrl="https://messages.google.com/web/authentication"
Check session | browser action=snapshot profile=openclaw — look for conversation list vs QR code
Take screenshot | browser action=screenshot profile=openclaw

Initial Setup (QR Pairing)

First-time setup requires scanning a QR code:

  1. Open Google Messages Web

    browser action=open profile=openclaw targetUrl="https://messages.google.com/web/authentication"

  2. Screenshot the QR code and share with user

    browser action=screenshot profile=openclaw

  3. User scans with phone:

    • Open Google Messages app on Android
    • Tap ⋮ menu → "Device pairing" → "QR code scanner"
    • Scan the QR code

  4. Verify connection — snapshot should show conversation list, not QR code

Important: Enable "Remember this computer" to persist the session.


Sending Messages

  1. Navigate to conversations

    browser action=navigate profile=openclaw targetUrl="https://messages.google.com/web/conversations"

  2. Take snapshot and find conversation

    browser action=snapshot profile=openclaw

    Look for the contact in the conversation list, note the ref.

  3. Click conversation

    browser action=act profile=openclaw request={"kind": "click", "ref": "<ref>"}

  4. Type message (find textarea ref from snapshot)

    browser action=act profile=openclaw request={"kind": "type", "ref": "<input_ref>", "text": "Your message"}

  5. Click send (find send button ref)

    browser action=act profile=openclaw request={"kind": "click", "ref": "<send_ref>"}

Receiving Messages (Real-time Notifications)

This skill includes a webhook system for real-time incoming SMS notifications.

Components

  1. sms-webhook-server.js — receives notifications, forwards to OpenClaw channels
  2. sms-observer.js — browser script that watches for new messages

Setup

  1. Set environment variables:

    export SMS_NOTIFICATION_TARGET="telegram:YOUR_CHAT_ID"
    export SMS_NOTIFICATION_CHANNEL="telegram"

  2. Start webhook server:

    node <skill>/sms-webhook-server.js

  3. Inject observer into browser (see references/observer-injection.md)

Systemd Service (Persistent)

cp <skill>/systemd/google-messages-webhook.service ~/.config/systemd/user/
# Edit service file: set SMS_NOTIFICATION_TARGET in Environment=
systemctl --user daemon-reload
systemctl --user enable --now google-messages-webhook

Reading Messages

See references/snippets.md for JavaScript snippets to:

  • Get recent conversations
  • Get messages in current conversation
  • Check session status

Troubleshooting

Problem | Solution
QR code shown | Session expired, re-pair
Elements not found | Google updated UI, check snapshot for new selectors
Send button disabled | Message input empty or phone disconnected
Observer not detecting | Check browser console for [SMS Observer] logs
Webhook not receiving | Verify server running: curl http://127.0.0.1:19888/health

Selectors Reference

Google Messages uses Angular components. These may change with updates.

Element | Selector
Conversation list | mws-conversations-list
Conversation item | mws-conversation-list-item
Message input | textarea[aria-label*="message"]
Send button | button[aria-label*="Send"]
QR code | mw-qr-code

Limitations

  • Phone must be online (messages sync through phone)
  • Browser tab must stay open for notifications
  • Session expires after ~14 days of inactivity
  • Observer lost on page reload (re-inject needed)

Security

  • Webhook listens on localhost only (127.0.0.1)
  • No credentials stored (session in browser cookies)
  • QR pairing links to your phone — treat as sensitive

License

Apache-2.0

Files

8 total
