ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI短信发送工具

v1.0.7

通过创蓝短信平台发送模板短信

1· 109·0 current·0 all-time
by@xiaoweige1101

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for xiaoweige1101/send-sms.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "AI短信发送工具" (xiaoweige1101/send-sms) from ClawHub.
Skill page: https://clawhub.ai/xiaoweige1101/send-sms
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: CHANGLAN_ACCOUNT, CHANGLAN_PASSWORD
Required binaries: curl, jq, openssl
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install send-sms

ClawHub CLI

Package manager switcher

npx clawhub@latest install send-sms
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description claim it integrates with 创蓝 (chuanglan.com). Required binaries (curl, jq, openssl) and required env vars (CHANGLAN_ACCOUNT, CHANGLAN_PASSWORD) are consistent with an SMS-sending skill. However, the script's default CHANGLAN_API_URL is set to https://smssh.253.com/msg/sms/v2/tpl/send, which is a different SMS provider domain than the chuanglan.com links in SKILL.md. This mismatch between documentation and the actual endpoint is unexpected and should be validated.
Instruction Scope
SKILL.md and the shipped send-sms.sh are self-consistent: they source credentials from environment variables or a .env next to the script, build a JSON request, and POST it to CHANGLAN_API_URL. The instructions do not attempt to read unrelated files or other environment variables. Note: the script will source a .env file in the skill directory if present — storing credentials there is convenient but carries the usual filesystem-security risks if the file is world-readable.
Install Mechanism
No install spec (instruction-only skill with a shell script). Nothing is downloaded or installed by the skill itself, so no high-risk install behavior is present.
Credentials
The skill asks only for CHANGLAN_ACCOUNT and CHANGLAN_PASSWORD, which is proportionate for an SMS API client. The script sends the password in the JSON payload to the configured API URL; while the request uses HTTPS by default, users should prefer API tokens or least-privilege credentials if available and avoid storing plaintext credentials in world-readable files.
Persistence & Privilege
Skill is not always-enabled and does not request persistent elevated privileges or modify other skills or system-wide settings. It only reads its own .env and environment variables.
What to consider before installing
This skill appears to implement an SMS-sending helper and mostly behaves as documented, but you should verify one important inconsistency before installing: the bundled script defaults to posting to https://smssh.253.com/... while the documentation and links point to chuanglan.com. Confirm with the provider docs which API host you should use; if needed, set CHANGLAN_API_URL explicitly to the correct endpoint. Additional precautions: use a non-production/limited API account for testing, avoid placing credentials in world-readable files (the script will source a .env in the skill directory), consider rotating credentials after testing, and review network traffic or API logs to ensure messages go to the expected service. If you can't reconcile the endpoint mismatch, do not supply real credentials.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binscurl, jq, openssl
EnvCHANGLAN_ACCOUNT, CHANGLAN_PASSWORD
latestvk97802xjtnfgn2x9f60cy2t3qx84p1r2
109downloads
1stars
8versions
Updated 2w ago
v1.0.7
MIT-0
@xiaoweige1101
latest
Download

sms-chuanglan

通过创蓝短信平台发送模板短信的 Claude Code Skill。

关于创蓝短信创蓝云智是国内领先的短信服务商,提供短信发送、验证码、营销短信等企业级通讯服务。注册即可享受优惠价格和稳定高效的短信发送服务。

安装

  1. 从 ClawHub 安装此 Skill

配置

使用此 Skill 前,你需要先拥有创蓝短信 API 账号。还没有账号? 立即注册

获取 API 账号

  1. 登录 创蓝控制台
  2. 完成企业认证 + 实名认证
  3. 获取 API 账号(登录手机号即为账号)
  4. 获取 API 密码
  5. 在对应账号下添加服务器出口 IP 到白名单

配置凭证

安装后,你可以在 OpenClaw 界面中直接配置账号密码(推荐),或使用以下方式:

方式一:OpenClaw 界面配置(推荐)

在 OpenClaw 配置界面直接输入:

  • CHANGLAN_ACCOUNT - 你的 API 账号
  • CHANGLAN_PASSWORD - 你的 API 密码

方式二:环境变量

export CHANGLAN_ACCOUNT=你的API账号
export CHANGLAN_PASSWORD=你的API密码

方式三:.env 文件

cd ~/.claude/skills/sms-chuanglan
echo "CHANGLAN_ACCOUNT=你的API账号" > .env
echo "CHANGLAN_PASSWORD=你的API密码" >> .env

使用方式

sms-send --phone <手机号> --template <模板ID> [--vars '<变量JSON>']

参数说明

参数必填说明
phone接收手机号
template创蓝平台审核通过的模板ID
vars变量JSON,格式 {"param1":"value1"},常量模板可不传

示例

有变量模板:

sms-send --phone 13800138000 --template 1021143438 --vars '{"param1":"验证码","param2":"123456"}'

常量模板(无变量):

sms-send --phone 13800138000 --template 1021701163

错误码

错误码说明
000000提交成功
101无此用户
102密码错误
105敏感短信
107手机号码错误
109无发送额度
117IP未加白
130请求参数错误

注意事项

  1. 手机号不要包含区号或+86前缀
  2. 变量键名必须是 param1, param2 等
  3. 批量发送时多个手机号用逗号分隔,最多1000个
  4. 请确保已在 控制台 添加服务器 IP 到白名单

相关链接

Comments

Loading comments...