← 返回 Skills 市场
Bandwidth
作者
aiwithabidi
· GitHub ↗
· v1.0.0
594
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install bandwidth
功能描述
Bandwidth — messaging, voice calls, phone numbers, and 911 services.
使用说明 (SKILL.md)
📡 Bandwidth
Bandwidth — messaging, voice calls, phone numbers, and 911 services.
Requirements
| Variable | Required | Description |
|---|---|---|
BANDWIDTH_API_TOKEN |
✅ | Bandwidth API token |
BANDWIDTH_ACCOUNT_ID |
✅ | Account ID |
Quick Start
# Send SMS/MMS
python3 {{baseDir}}/scripts/bandwidth.py send-message --from \x3Cvalue> --to \x3Cvalue> --text \x3Cvalue> --application-id \x3Cvalue>
# List messages
python3 {{baseDir}}/scripts/bandwidth.py list-messages --from \x3Cvalue> --to \x3Cvalue>
# Create outbound call
python3 {{baseDir}}/scripts/bandwidth.py create-call --from \x3Cvalue> --to \x3Cvalue> --answer-url \x3Cvalue> --application-id \x3Cvalue>
# Get call details
python3 {{baseDir}}/scripts/bandwidth.py get-call \x3Cid>
# List phone numbers
python3 {{baseDir}}/scripts/bandwidth.py list-numbers
# Search available numbers
python3 {{baseDir}}/scripts/bandwidth.py search-numbers --area-code \x3Cvalue> --quantity "10"
# Order phone number
python3 {{baseDir}}/scripts/bandwidth.py order-number --numbers "comma-separated"
# List applications
python3 {{baseDir}}/scripts/bandwidth.py list-applications
Output Format
All commands output JSON by default.
Script Reference
| Script | Description |
|---|---|
{baseDir}/scripts/bandwidth.py |
Main CLI — all commands in one tool |
Credits
Built by M. Abidi | agxntsix.ai YouTube | GitHub Part of the AgxntSix Skill Suite for OpenClaw agents.
📅 Need help setting up OpenClaw for your business? Book a free consultation
安全使用建议
This skill appears to implement a Bandwidth CLI and only needs a Bandwidth API token and account id, which is reasonable — but take these precautions before installing: 1) Inspect or run the script in an isolated environment; it will call messaging.bandwidth.com only, but verify network requests match your expectations. 2) Do not point WORKSPACE at a directory containing unrelated secrets: the script will try to read a .env file (default ~/.openclaw/workspace/.env) to obtain credentials. 3) The script has a bug: argparse stores --from into args.from_addr but the code looks for args.from; expect command failures or incorrect behavior — either fix the argument names or contact the author. 4) Use a dedicated Bandwidth API token with minimal scope, and avoid reusing high-privilege credentials. 5) Verify the skill author/homepage (agxntsix.ai) if provenance matters. If you need this functionality but want lower risk, consider using a well-maintained official Bandwidth SDK or a vetted third-party integration.
功能分析
Type: OpenClaw Skill
Name: bandwidth
Version: 1.0.0
The skill bundle is classified as suspicious primarily due to a potential Server-Side Request Forgery (SSRF) vulnerability in `scripts/bandwidth.py`. The `cmd_create_call` function passes a user-controlled `--answer-url` directly to the Bandwidth API. If an attacker can control this URL, they could potentially instruct the Bandwidth API to make requests to arbitrary internal or external hosts, leveraging the API as a proxy for network scanning or accessing internal resources. While there is no evidence of intentional malicious behavior by the skill author, this capability presents a significant security risk. Additionally, the `get_env` function reads API tokens from a `.env` file in the workspace, which could be a minor security concern if the file is not adequately protected.
能力评估
Purpose & Capability
Name/description, required env vars (BANDWIDTH_API_TOKEN, BANDWIDTH_ACCOUNT_ID), and the API base (messaging.bandwidth.com) align with a Bandwidth messaging/voice CLI. Nothing requests unrelated cloud providers or services.
Instruction Scope
SKILL.md describes CLI commands that call scripts/bandwidth.py, but the script contains argument-handling bugs (functions check getattr(args, 'from') while argparse stores values in args.from_addr). The script also silently falls back to reading a .env file under WORKSPACE or ~/.openclaw/workspace to obtain credentials — this behavior is not documented in SKILL.md. These inconsistencies could cause unexpected failures or unintentional exposure of values from a workspace .env.
Install Mechanism
No install spec; the skill is instruction-only with a single Python script and claims to use only the standard library. No external downloads or package installs are requested.
Credentials
Only two credentials are required and are appropriate for the declared purpose. However, the code also reads WORKSPACE (if set) and a .env file in a workspace directory to find those env vars — this fallback is not declared and could read other files containing secrets. Consider that the script will search ~/.openclaw/workspace/.env by default.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent privileges or modify other skills/configuration. Autonomous invocation is allowed (platform default) but not a unique elevation here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install bandwidth - 安装完成后,直接呼叫该 Skill 的名称或使用
/bandwidth触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the Bandwidth skill.
- Send and list SMS/MMS messages from the command line.
- Create outbound voice calls and retrieve call details.
- Manage phone numbers: list, search, and order.
- List registered Bandwidth applications.
- All commands available through a single CLI script; outputs JSON.
- Requires only Python 3.10+ (no external dependencies).
元数据
常见问题
Bandwidth 是什么?
Bandwidth — messaging, voice calls, phone numbers, and 911 services. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 594 次。
如何安装 Bandwidth?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install bandwidth」即可一键安装,无需额外配置。
Bandwidth 是免费的吗?
是的,Bandwidth 完全免费(开源免费),可自由下载、安装和使用。
Bandwidth 支持哪些平台?
Bandwidth 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Bandwidth?
由 aiwithabidi(@aiwithabidi)开发并维护,当前版本 v1.0.0。
推荐 Skills