← Back to Skills Marketplace
Telnyx Bot Signup
by
teamtelnyx
· GitHub ↗
· v1.1.0
677
Downloads
0
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install telnyx-bot-signup
Description
Automated Telnyx bot account signup via Proof of Work challenge
Usage Guidance
This skill automates Telnyx's PoW signup flow and includes a solver script — that's consistent with the description. However, the registry metadata's declaration that TELNYX_API_KEY is the primary credential does not match the documented flow (the skill creates a new API key rather than requiring one). Do not provide an existing TELNYX_API_KEY to this skill unless you understand why it's needed. Also be careful when pasting the single-use sign-in link or session token: that link yields a session token and can be used to create API keys, so only paste it into a trusted environment and avoid sending it to public or third-party services. If you want to proceed, verify the skill's publisher/source, run the provided pow_solver.py locally (in a background worker or isolated environment because it can be CPU-intensive), and prefer using official Telnyx web signup flows if you have doubts.
Capability Analysis
Type: OpenClaw Skill
Name: telnyx-bot-signup
Version: 1.1.0
The skill's stated purpose is to automate Telnyx bot account signup, which is benign. However, the `scripts/pow_solver.py` contains a potential remote code execution vulnerability: the `getattr(hashlib, algorithm)` call uses an `algorithm` parameter that, if controlled by an attacker (e.g., via a manipulated Telnyx API response or prompt injection), could execute arbitrary functions. Additionally, the skill instructs the agent to `curl -L` a URL obtained from email or user input, which could be exploited if a malicious link is provided without proper validation by the agent. These are significant vulnerabilities that allow attacks, leading to a 'suspicious' classification.
Capability Assessment
Purpose & Capability
The skill's description is a Telnyx signup helper and the runtime instructions show a flow that does not require an existing Telnyx API key. Yet registry metadata marks TELNYX_API_KEY as the primary credential. Requesting an existing TELNYX_API_KEY is not justified by the SKILL.md and is disproportionate to the stated purpose.
Instruction Scope
SKILL.md stays within the signup flow: obtaining a PoW challenge, running the bundled solver, submitting signup, handling the magic link email, and exchanging a session token for a new API key. It warns about CPU cost and advises running the solver off the main thread. One sensitivity: the flow asks the user to paste a single-use sign-in link (which yields a session token). That link/session token is sensitive and the skill will exchange it for a permanent API key, so the user must avoid pasting it into untrusted or public channels.
Install Mechanism
No install script; instruction-only skill with one small local Python solver script. No network installs or remote downloads are performed by the skill itself.
Credentials
The only declared required environment/credential is TELNYX_API_KEY, but none of the SKILL.md steps use it: endpoints in the flow are accessed without a pre-existing API key and the flow creates a new API key for the new account. Declaring TELNYX_API_KEY as the primary credential appears unjustified and could lead users to expose an existing key unnecessarily.
Persistence & Privilege
always is false, no install-time modifications, and the skill does not request system-wide privileges. Autonomous invocation is allowed (platform default) but not combined with other privilege escalation signals.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install telnyx-bot-signup - After installation, invoke the skill by name or use
/telnyx-bot-signup - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Added resend magic link endpoint (POST /v2/bot_signup/resend_magic_link) as fallback when verification email doesn't arrive or expires. Includes rate limits (3 resends, 60s cooldown).
v1.0.0
Initial release: automated Telnyx bot account signup via Proof of Work challenge. Includes PoW solver script, email verification flow, and API key generation.
Metadata
Frequently Asked Questions
What is Telnyx Bot Signup?
Automated Telnyx bot account signup via Proof of Work challenge. It is an AI Agent Skill for Claude Code / OpenClaw, with 677 downloads so far.
How do I install Telnyx Bot Signup?
Run "/install telnyx-bot-signup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Telnyx Bot Signup free?
Yes, Telnyx Bot Signup is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Telnyx Bot Signup support?
Telnyx Bot Signup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Telnyx Bot Signup?
It is built and maintained by teamtelnyx (@teamtelnyx); the current version is v1.1.0.
More Skills