Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SMS Verification Code Query Assistant (短信验证码查询助手)

v1.0.2

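SMS verification code query assistant (implemented in Python 3). Looks up the latest SMS verification code by phone number and returns the code, the SMS content, and the send time.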

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for romicboy/sms-verify-code-assistant.

Install the skill "短信验证码查询助手" (romicboy/sms-verify-code-assistant) from ClawHub.
Skill page: https://clawhub.ai/romicboy/sms-verify-code-assistant
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install romicboy/sms-verify-code-assistant

ClawHub CLI

npx clawhub@latest install sms-verify-code-assistant

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability

Functionality (query SMS by phone, return code/content/time) matches the code: it POSTs the mobile to an external API and prints the response. However package/registry metadata is inconsistent: registry 'Requirements' section reported none, while package.json and SKILL.md clearly require SMS_AUTH_TOKEN. Version in package.json (1.0.0) differs from registry version (1.0.2). These mismatches reduce confidence in provenance/maintenance.

! Instruction Scope

SKILL.md instructs running scripts using absolute developer-specific paths (/home/gem/workspace/agent/skills/...), which may not exist and suggests the docs were copied from a developer environment. It instructs setting SMS_AUTH_TOKEN and restarting the gateway — reasonable for operation — but the docs also mention reading a .env file although the code only checks environment variables. Debug mode prints full request/response data (which will include sensitive SMS contents) — expected for debugging but increases risk if logs are exposed. No other unrelated files, env vars, or system paths are referenced.

Install Mechanism

No install spec; this is instruction/code-only (Python scripts). Nothing is downloaded or written during install by the skill manifest itself, which minimizes install-time risk.

! Credentials

The only runtime credential used is SMS_AUTH_TOKEN (declared in package.json and SKILL.md). That is proportionate to calling an authenticated SMS API. However registry metadata incorrectly listed 'Required env vars: none' which is inconsistent. The script will send the SMS_AUTH_TOKEN in an Authorization header to an external endpoint (https://apps.ddguanhuai.com/customize-php/lejian) — the skill provides no homepage or source origin to verify who operates that API, so providing a token would hand it to an unknown third party.

Persistence & Privilege

Skill does not request elevated privileges, persistent 'always' inclusion, or modifications to other skills. Default autonomous invocation remains enabled (platform default) but is not combined with additional alarming privileges.

What to consider before installing

This skill's code matches its stated job (it posts a phone number to an external SMS API and prints the returned code/content/time), but there are several red flags you should resolve before installing or providing any tokens:

  • Verify the skill origin: there is no homepage and the 'Source' is unknown. Ask the publisher for provenance and a trustable endpoint description.
  • Confirm where the SMS_AUTH_TOKEN comes from and what scope/permissions it has. Do not reuse high-privilege or personal tokens; prefer a limited-scope/test token first.
  • Inspect and, if possible, run the scripts in an isolated environment (VM/container) and monitor outbound network calls to ensure the API endpoints are expected.
  • Note the SKILL.md uses absolute developer paths and contradicts registry metadata. Expect the need to adjust invocation paths to your agent's skill directory.
  • If you care about logs: debug mode prints request/response bodies (including SMS content). Avoid enabling debug on production or shared systems.

If you cannot verify the API operator or are uncomfortable handing a token to an unknown domain (apps.ddguanhuai.com), do not install or provide real credentials. If you proceed, supply only limited-test credentials and audit network traffic.

Like a lobster shell, security has layers — review code before you run it.

latest vk97dwv89fmgss1cjpyjwzwg7ad85kbcd
22 downloads
0 stars
3 versions
Updated 3h ago
v1.0.2
MIT-0

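SMS Verification Code Query Assistant (Python3)

Features

  • Verification code lookup: query the latest SMS verification code by phone number
  • Details: returns the verification code, the SMS content, and the send time
  • Formatted output: presents the query result clearly
  • Debug mode: shows API request and response details

First-time configuration

An API token must be configured before use:

openclaw config set env.vars.SMS_AUTH_TOKEN <your token>

The setting takes effect after the gateway is restarted.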

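Environment variable validation

python3 /home/gem/workspace/agent/skills/sms-verify-code-assistant/scripts/validate_env.py
  • Exit code 0 with the message ✅ SMS_AUTH_TOKEN 已配置 means the token is configured
  • Exit code 1 with the message ❌ SMS_AUTH_TOKEN 未配置 means the token is not configured

Check the status of all skills with openclaw skills check: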

openclaw skills check

Usage

Command format

python3 /home/gem/workspace/agent/skills/sms-verify-code-assistant/scripts/sms_verify_code.py [--debug] <phone number>

Examples

Basic query

python3 /home/gem/workspace/agent/skills/sms-verify-code-assistant/scripts/sms_verify_code.py 13888888888

Debug mode

python3 /home/gem/workspace/agent/skills/sms-verify-code-assistant/scripts/sms_verify_code.py 13888888888 --debug

Output format

Success example

查询手机号: 13888888888
========================================
           短信验证码查询结果
========================================
手机号: 13888888888
验证码: 302476
短信内容: 登录短信验证码:302476
发送时间: 2026-03-25 17:50:45
========================================
=== 查询完成 ===

Error example

查询手机号: 13888888888
查询失败: 未配置环境变量 SMS_AUTH_TOKEN

Technical requirements

  • Python 3.x
  • Standard library urllib
  • A valid Authorization token (set in the SMS_AUTH_TOKEN environment variable)
