ClawHub

VirtualSMS — Real SIM SMS Verification

Security checks across malware telemetry and agentic risk

Overview

This skill clearly does SMS verification, but it gives agents broad paid access to real-SIM OTP/account-verification workflows without enough safeguards.

Install only if you intentionally need VirtualSMS for lawful, authorized SMS verification on accounts you own or are explicitly allowed to manage. Treat OTP codes and the API key as sensitive, review the external MCP server or npm package before use, set spending controls where possible, and require explicit confirmation before any number purchase or OTP retrieval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly promotes procuring real SIM numbers and receiving OTP/SMS verification codes for a very broad set of third-party services, including financial and social platforms, but provides no warnings about privacy, user consent, legal restrictions, or service Terms of Service. In an agent-skill context, this omission is dangerous because it normalizes automated acquisition of verification channels that can enable account creation, policy evasion, or unauthorized access workflows, especially when used by autonomous agents.

Natural-Language Policy Violations

High
Confidence
97% confidence
Finding
The skill explicitly promotes using disposable real-SIM numbers to verify accounts on a wide range of third-party consumer platforms, including services commonly associated with anti-abuse controls, without requiring proof of authorization, user ownership, or legitimate purpose. In this context, the tool materially enables account creation, evasion of platform phone-verification controls, and scalable abuse by an agent, making the absence of safeguards a real security and abuse risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs agents to route OTP and verification flows through a third-party SMS provider but does not warn that SMS contents, phone numbers, and related metadata may be exposed to that provider or retained in logs. This omission can lead users or downstream agents to process sensitive authentication messages without understanding privacy, compliance, account-lockout, or terms-of-service risks, especially for high-sensitivity services.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes broad, common phrases such as "phone number," "OTP code," and "account verification," which can cause the skill to activate for many ordinary or unrelated user requests. In a skill that provisions real SIM numbers and handles SMS verification, overbroad activation increases the chance of unintended use in sensitive account-creation, login, or verification flows without sufficient user awareness or narrowing context.

Missing User Warnings

Low
Confidence
77% confidence
Finding
The manifest declares use of the VIRTUALSMS_API_KEY credential but the user-facing description does not clearly warn that the skill relies on a paid external service and transmits requests to a third-party SMS provider. This can reduce transparency and informed consent, especially because the skill is designed to obtain phone numbers and receive verification messages, which may involve sensitive account or authentication workflows.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal