Google Messages

This skill generally does what it claims: it injects a browser observer into messages.google.com and runs a local Node webhook that can forward SMS previews to OpenClaw channels. The immediate, serious issue is that the webhook builds a shell command string (using child_process.execSync) that interpolates SMS text and notification-target values; because shell expansion and command substitution still occur inside double quotes, a crafted SMS could execute arbitrary commands as the user running the webhook. Before installing or running this skill: - Do not run the webhook as a high-privilege account. Run it in an isolated, unprivileged user or container. - Prefer fixing the code: replace execSync with a safe invocation that avoids a shell (use child_process.spawn or execFile with args array) or use an OpenClaw API/SDK rather than shelling out. Properly validate/escape all inputs passed to shell if you cannot avoid shell invocation. - If you must use the provided code, at minimum sanitize/whitelist SMS content and validate SMS_NOTIFICATION_TARGET to prevent injection. - Consider disabling automatic forwarding until the command-injection issue is addressed, or keep SMS_NOTIFICATION_TARGET unset so notifications are logged only. - Review and trust the author/source; if you cannot verify the repository or author, treat this as higher risk. If you want, I can produce a secure patch that replaces the execSync call with a safe spawn/execFile pattern or adds robust escaping/whitelisting for notification targets and message content.