← Back to Skills Marketplace
89
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install login-digitalme
Description
通过手机短信验证码完成用户登录/注册,包含发送验证码和验证码登录两个接口。
README (SKILL.md)
短信验证码登录
通过手机号和短信验证码实现用户快速登录或自动注册。
何时使用
当用户要求:发送手机验证码、用手机号登录、用验证码登录、手机号注册 时,使用此 skill。
前置条件
- 环境变量
SMS_LOGIN_BASE_URL已设置为 API 服务器地址 - 系统已安装
curl和jq
步骤一:发送验证码
向用户确认手机号后,发送验证码:
curl -s -X POST "${SMS_LOGIN_BASE_URL}/api/v1/auth/phone/send" \
-H "Content-Type: application/json" \
-d '{"phone": "'"${PHONE}"'"}' | jq .
响应判断
| 条件 | 含义 | 下一步 |
|---|---|---|
code == 200 |
发送成功 | 提示用户查看短信,进入步骤二 |
| HTTP 400 | 手机号格式错误 | 提示用户检查手机号,重新输入 |
code == 500 |
限流或系统错误 | 展示 message 内容,稍后重试 |
步骤二:验证码登录
向用户索要短信中的验证码后,发起登录:
curl -s -c - -X POST "${SMS_LOGIN_BASE_URL}/api/v1/auth/phone/login" \
-H "Content-Type: application/json" \
-d '{"phone": "'"${PHONE}"'", "code": "'"${CODE}"'"}' | jq .
响应判断
| 条件 | 含义 | 下一步 |
|---|---|---|
code == 200 |
登录成功 | 从 data.token 提取 token,后续请求用 Authorization: Bearer \x3Ctoken> |
| HTTP 400 | 参数缺失/格式错误 | 提示用户重新输入 |
code == 401 |
验证码错误或已过期 | 建议用户重新获取验证码,回到步骤一 |
登录成功时,响应头会设置 Set-Cookie: token=\x3Cvalue>,浏览器场景会自动维持会话。
Rules
- 手机号必须由用户明确提供,禁止猜测或自动填充
- 验证码必须由用户手动输入,禁止尝试自动获取或暴力枚举
- 同一手机号 60 秒内不得重复发送验证码
- 输出中不要暴露完整 token,最多显示前 20 个字符加省略号
- 中国大陆手机号为 11 位数字且以 1 开头,发送前先做格式校验
- 登录失败时必须向用户展示具体错误信息
Usage Guidance
This skill's behavior (calling an SMS API via SMS_LOGIN_BASE_URL) matches its description, but the package metadata incorrectly lists a required environment variable named '180.184.28.174:30080' and marks that as the primary credential. Before installing or using it: 1) ask the author to correct the metadata so the required env var is SMS_LOGIN_BASE_URL (not an IP literal), and confirm what backend that variable should point to; 2) verify the API host is trusted (don't point SMS_LOGIN_BASE_URL to an unknown IP); 3) avoid supplying high-privilege credentials or tokens unless the service is verified; 4) because the skill comes from an unknown source with no homepage, prefer to test it in an isolated/dev environment and inspect network calls; and 5) require the skill to explicitly document how tokens are stored/used to ensure they won't be exfiltrated. These inconsistencies make the package suspicious rather than clearly benign.
Capability Analysis
Type: OpenClaw Skill
Name: login-digitalme
Version: 1.0.0
The skill implements an SMS-based login flow that transmits sensitive user information (phone numbers and verification codes) to a hardcoded IP address (180.184.28.174:30080) via curl in SKILL.md. The use of a raw IP address and the likely transmission of credentials over unencrypted HTTP (as implied by the port and lack of HTTPS in the base URL) constitutes a significant security vulnerability. While the skill includes defensive instructions for the agent, such as not guessing phone numbers or exposing full tokens, the insecure transport of authentication data is a high-risk behavior.
Capability Assessment
Purpose & Capability
The SKILL.md behavior (using curl+jq to call an API at SMS_LOGIN_BASE_URL to send/login with SMS codes) is coherent for an SMS-login helper. However, the declared required env var and primaryEnv are set to the literal '180.184.28.174:30080' (an IP:port), which does not match the SKILL.md's documented SMS_LOGIN_BASE_URL. That mismatch is unexpected and disproportionate to the stated purpose.
Instruction Scope
The instructions are narrowly scoped: confirm phone from user, POST to /send and /login endpoints, parse JSON with jq, extract token from data.token, and avoid exposing full tokens. They explicitly forbid guessing phones or auto-enumerating codes. They reference only SMS_LOGIN_BASE_URL, PHONE, and CODE at runtime.
Install Mechanism
Instruction-only skill with no install spec and no code files; required binaries are only curl and jq. This is low install risk and appropriate for a curl-based API helper.
Credentials
The skill declares a required env var named '180.184.28.174:30080' and lists that as primaryEnv, but SKILL.md expects SMS_LOGIN_BASE_URL. Requiring an IP:port string as an env var name is incoherent and may indicate misconfiguration or a hidden intent to force use of a specific backend. No credentials (API keys) are requested, which is reasonable, but the incorrect env-var declaration is a red flag.
Persistence & Privilege
The skill does not request persistent/always-on presence and does not write installs or system configs; autonomous invocation is allowed (platform default) but not combined with other high-privilege requests.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install login-digitalme - After installation, invoke the skill by name or use
/login-digitalme - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of SMS-based login/register skill.
- Enables user login and registration via SMS verification code.
- Provides commands for sending verification codes and logging in with code.
- Includes clear error handling and user guidance for each step.
- Enforces input validation and security-minded output rules.
- Requires environment variable configuration and curl, jq dependencies.
Metadata
Frequently Asked Questions
What is login-digitalme?
通过手机短信验证码完成用户登录/注册,包含发送验证码和验证码登录两个接口。 It is an AI Agent Skill for Claude Code / OpenClaw, with 89 downloads so far.
How do I install login-digitalme?
Run "/install login-digitalme" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is login-digitalme free?
Yes, login-digitalme is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does login-digitalme support?
login-digitalme is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created login-digitalme?
It is built and maintained by GuoLai806 (@guolai806); the current version is v1.0.0.
More Skills