pidgesms

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a transparent SMS wrapper for the pidge CLI, but it can send and read real phone messages, so users should configure and use it carefully.

Install this only if you are comfortable letting OpenClaw use pidge to access your Android phone’s SMS gateway. Verify the pidge CLI source, protect ~/.config/pidge/config.toml, confirm every recipient and message before sending, avoid bulk or sensitive SMS content, and read private texts only in a private context.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistake could send a text to the wrong number or send content the user did not intend.

Why it was flagged

The skill exposes a CLI command that can send real SMS messages; this is purpose-aligned, and the same file adds confirmation and anti-bulk safety rules.

Skill content

pidge send "+1XXXXXXXXXX" "Your message here"

Recommendation

Confirm the recipient and exact message text before every send, and keep the no-bulk/no-sensitive-information rules enabled.

What this means

Anyone using the skill through the configured agent may be able to read or send SMS through the configured phone.

Why it was flagged

The local pidge configuration supplies the gateway connection used to act through the user's Android phone, giving the skill delegated SMS authority.

Skill content

pidge reads its config from `~/.config/pidge/config.toml` — no env vars needed.

Recommendation

Use this only with the intended phone/gateway, protect the pidge config file and gateway credentials, and remove or disable the config if you no longer want SMS access.

What this means

Future upstream changes to pidge could change behavior after installation.

Why it was flagged

The skill depends on an external CLI installed from GitHub at the moving `@latest` version; no pidge code is included in this skill package.

Skill content

"install": "go install github.com/typhonius/pidge@latest"

Recommendation

Install pidge from a trusted source, consider pinning a specific version, and review the upstream project before granting it SMS gateway access.

What this means

Private SMS content could be shown in an agent response if the user requests inbox access in an inappropriate context.

Why it was flagged

Reading the SMS inbox can bring private message content into the agent context; the skill also includes rules not to expose full private messages in group contexts.

Skill content

pidge inbox
pidge inbox --unread
pidge inbox --json

Recommendation

Use inbox-reading commands only in private contexts and prefer summaries unless full message text is explicitly needed.