Security scan
OpenClaw
Suspicious
High confidence: The skill implements the described Google Messages automation and local webhook forwarding, but its webhook forwards SMS content by constructing a shell command from user-controlled text (SMS previews). This creates a shell-injection risk and is a notable implementation flaw that should be addressed before use.
Assessment
This skill generally does what it claims: it injects a browser observer into messages.google.com and runs a local Node webhook that can forward SMS previews to OpenClaw channels. The immediate, serious issue is that the webhook builds a shell command string (using child_process.execSync) that interpolates SMS text and notification-target values; because shell expansion and command substitution still occur inside double quotes, a crafted SMS could execute arbitrary commands as the user running th...
✓ Purpose and capability
Name, description, SKILL.md, and required env vars (SMS_NOTIFICATION_TARGET, SMS_NOTIFICATION_CHANNEL) align with sending/receiving SMS and forwarding them via OpenClaw. Required binary (node) and the presence of browser automation/observer scripts are reasonable for this purpose.
⚠ Instruction scope
Runtime instructions tell the agent to inject a DOM observer into messages.google.com and run a local webhook to receive previews, which matches the stated purpose. However, the webhook's runtime behavior forwards SMS previews into a shell command (via execSync), meaning incoming SMS text (untrusted user data) is placed on a command line; this allows a malicious or specially crafted SMS to execute arbitrary shell commands as the user running the webhook.
✓ Install mechanism
No external downloads or remote installers are used; the package is instruction + Node scripts. There is no install spec that pulls arbitrary code from third-party URLs. This is lower-risk than a skill that downloads binaries at install time.
⚠ Credential requirements
The skill only requests two environment variables that match its forwarding feature. However, the webhook uses SMS content together with SMS_NOTIFICATION_TARGET and SMS_NOTIFICATION_CHANNEL to build a shell command. Because environment values and SMS previews are interpolated into a shell invocation without robust sanitization, the combination of the environment/credential model and message content is disproportionately risky: untrusted SMS content can be used to inject shell operations.
✓ Persistence and permissions
The skill is not forced-always and uses an optional user systemd service for persistence; that is reasonable for a local notification agent. It does not request elevated system-wide privileges or modify other skills' configs.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest · v0.1.0 · 2026/2/1
Initial release of google-messages-openclaw-skill.
- Enables sending and receiving SMS/RCS via Google Messages web interface.
- Automates message workflow: pairing, sending, and receiving texts using the browser tool.
- Provides real-time incoming SMS notifications via webhook forwarding.
- Includes setup instructions for QR pairing, persistent session, and systemd service.
- Details command references, selectors, troubleshooting, and security practices.
● Suspicious
Install command
Official: npx clawhub@latest install google-messages-openclaw-skill
Mirror (accelerated): npx clawhub@latest install google-messages-openclaw-skill --registry https://cn.clawhub-mirror.com
Data source: ClawHub · Chinese localization: 龙虾技能库