功能描述

Call EngageLab SMS REST APIs to send SMS messages and manage SMS templates and signatures (sender IDs). Use this skill whenever the user wants to send an SMS...

使用说明 (SKILL.md)

EngageLab SMS API Skill

Name: EngageLab SMS
Author: devengagelab

This skill enables you to interact with the EngageLab SMS REST API. It covers three areas:

Send SMS — Send notification or marketing SMS to one or more recipients
Template Management — Create, read, update, and delete SMS templates
Signature (Sender ID) Management — Create, read, update, and delete sender ID signatures

Resources

scripts/

sms_client.py — Python client class (EngageLabSMS) wrapping all API endpoints: send_sms() (immediate and scheduled), template CRUD (list_templates(), get_template(), create_template(), update_template(), delete_template()), and signature CRUD (list_signatures(), get_signature(), create_signature(), update_signature(), delete_signature()). Handles authentication, request construction, and typed error handling. Use as a ready-to-run helper or import into the user's project.

references/

template-and-signature-api.md — Full request/response field specs for all template and signature endpoints
error-codes.md — Complete error code tables for SMS sending and template/signature operations

Authentication

All EngageLab SMS API calls use HTTP Basic Authentication.

Base URL: https://smsapi.engagelab.com
Header: Authorization: Basic \x3Cbase64(dev_key:dev_secret)>
Content-Type: application/json

The user must provide their dev_key and dev_secret (also called apikey and apisecret). Encode them as base64("dev_key:dev_secret") and set the Authorization header.

Example (using curl):

curl -X POST https://smsapi.engagelab.com/v1/messages \
  -H "Content-Type: application/json" \
  -H "Authorization: Basic $(echo -n 'YOUR_DEV_KEY:YOUR_DEV_SECRET' | base64)" \
  -d '{ ... }'

If the user hasn't provided credentials, ask them for their dev_key and dev_secret before generating API calls.

Quick Reference — All Endpoints

Operation	Method	Path
Send SMS	`POST`	`/v1/messages`
List templates	`GET`	`/v1/template-configs`
Get template	`GET`	`/v1/template-configs/:templateId`
Create template	`POST`	`/v1/template-configs`
Update template	`PUT`	`/v1/template-configs/:templateId`
Delete template	`DELETE`	`/v1/template-configs/:templateId`
List signatures	`GET`	`/v1/sign-configs`
Get signature	`GET`	`/v1/sign-configs/:signId`
Create signature	`POST`	`/v1/sign-configs`
Update signature	`PUT`	`/v1/sign-configs/:signId`
Delete signature	`DELETE`	`/v1/sign-configs/:signId`

Sending SMS

Endpoint: POST /v1/messages

Request Body

{
  "to": ["+6591234567"],
  "template": {
    "id": "TEMPLATE_ID",
    "params": {
      "var_name": "value"
    }
  },
  "plan_name": "Optional plan name",
  "schedule_time": 1700000000,
  "custom_args": {}
}

Parameters

Field	Type	Required	Description
`to`	`string[]`	Yes	Target phone numbers (include country code)
`template.id`	`string`	Yes	ID of an approved SMS template
`template.params`	`object`	Yes	Key-value pairs matching template variables (e.g., `{{name}}` → `{"name": "Bob"}`)
`plan_name`	`string`	No	Plan name, defaults to `"-"`
`schedule_time`	`integer`	No	Unix timestamp for scheduled sends; omit for immediate
`custom_args`	`object`	No	Custom parameters for tracking

Template Variables

If the template contains {{var}} placeholders, populate them via params. For example, for template content "Hi {{name}}, your code is {{code}}", pass:

"params": { "name": "Alice", "code": "123456" }

Unpopulated variables are sent literally as {{var}}.

Response

Success (single target):

{
  "plan_id": "1972488990548348928",
  "total_count": 1,
  "accepted_count": 1,
  "message_id": "1972488990804201472"
}

Success (scheduled):

{
  "plan_id": "1972492618659033088",
  "total_count": 1,
  "accepted_count": 1,
  "schedule_info": { "task_id": 1972492621368553472 }
}

Error: Contains code (non-zero) and message fields alongside plan_id.

For the full error code table, read references/error-codes.md.

Template Management

Templates define the SMS content. Each template must pass review before it can be used for sending.

For full request/response details and field descriptions, read references/template-and-signature-api.md.

Key Rules

Template content cannot contain: 【, 】, 、, 测试, test, [, ]
After creation or update, templates enter Pending Review status (status=1) and cannot be used until Approved (status=2)
Templates in Pending Review cannot be updated
Templates tied to pending/running message plans cannot be updated or deleted
Template types: utility (notification), marketing (marketing)

CRUD Summary

Create — POST /v1/template-configs

{
  "template_name": "Order Notification",
  "template_type": "utility",
  "template_content": "Your order {order_no} has shipped, arriving by {delivery_time}.",
  "country_codes": "CN,US",
  "add_signature": true,
  "sign_id": "SIGNATURE_ID",
  "sign_position": 2
}

List all — GET /v1/template-configs (returns array)

Get one — GET /v1/template-configs/:templateId

Update — PUT /v1/template-configs/:templateId (same body as create, all fields required)

Delete — DELETE /v1/template-configs/:templateId

Signature (Sender ID) Management

Signatures identify the sender and are attached to templates. They also go through a review process.

For full request/response details and field descriptions, read references/template-and-signature-api.md.

Key Rules

Signature name: 2–60 characters, cannot contain 【, 】, [, ]
Names must be unique within the same business
After creation or update, signatures enter Pending Review (status=1)
Signatures in Pending Review cannot be updated
Signatures tied to pending/running plans cannot be updated or deleted

CRUD Summary

Create — POST /v1/sign-configs

{ "sign_name": "MyCompany" }

List all — GET /v1/sign-configs (returns array)

Get one — GET /v1/sign-configs/:signId

Update — PUT /v1/sign-configs/:signId (same body as create)

Delete — DELETE /v1/sign-configs/:signId

Generating Code

When the user asks to send SMS or manage templates/signatures, generate working code. Default to curl unless the user specifies a language. Supported patterns:

curl — Shell commands with proper auth header
Python — Using requests library
Node.js — Using fetch or axios
Java — Using HttpClient
Go — Using net/http

Always include the authentication header and proper error handling. Use placeholder values like YOUR_DEV_KEY and YOUR_DEV_SECRET if the user hasn't provided credentials.

Status Codes Reference

Value	Template/Signature Status
1	Pending Review
2	Approved
3	Rejected

Value	Signature Position
0	No Signature
1	Prefix
2	Suffix

Value	Template Type
`utility`	Notification
`marketing`	Marketing

安全使用建议

This skill appears to implement a legitimate EngageLab SMS client, but the registry metadata does not declare the dev_key/dev_secret that the code and SKILL.md require. Before installing or using it: (1) Verify the publisher/source and confirm why credential fields are missing from the registry entry. (2) Do not paste production API keys into an unknown skill; prefer creating a limited-test API key with minimal permissions to try the skill. (3) Confirm the endpoint domain (smsapi.engagelab.com) is correct and owned by the service you expect. (4) Ensure the platform will store any keys securely (agent secret storage) rather than embedding them in logs or prompts. (5) If you need stronger assurance, request that the publisher update the package metadata to declare required credentials (primaryEnv or requires.env) and/or provide reproducible provenance (homepage, author) so you can audit or run the included python client in an isolated environment first. If the publisher cannot explain the missing credential declarations, treat the package with caution.

功能分析

Type: OpenClaw Skill Name: engagelab-sms Version: 1.0.1 The skill provides a legitimate integration for the EngageLab SMS REST API, allowing an AI agent to send messages and manage templates/signatures. The Python client (sms_client.py) uses standard libraries for HTTP requests and follows the documented API specifications without any signs of data exfiltration, malicious execution, or prompt injection.

能力评估

ℹ Purpose & Capability

The name/description, SKILL.md, and the provided Python client all consistently implement EngageLab SMS send/template/signature functionality and call https://smsapi.engagelab.com — the requested capabilities align with the stated purpose. However, the skill metadata lists no required credentials or primaryEnv while both the documentation and the code expect a dev_key/dev_secret. That mismatch is unexpected.

✓ Instruction Scope

SKILL.md limits runtime actions to constructing HTTP requests to the EngageLab API and instructs the agent to ask the user for dev_key/dev_secret if not present. It does not instruct reading arbitrary system files or contacting unrelated endpoints. The runtime instructions are scoped to the service described.

✓ Install Mechanism

There is no install spec (instruction-only plus a single Python client file). No downloads from external or shortener URLs are present. The code depends on the requests library but nothing is automatically installed by the skill spec itself.

⚠ Credentials

The skill requires API credentials (dev_key and dev_secret) to operate, and the code/doc describe using HTTP Basic Auth with those keys — this is proportionate to an SMS API client. The problem is that the package metadata declares no required env vars or primary credential. Missing declarations mean the registry-level permission/credential model is incomplete and could lead to accidental credential exposure or unclear handling by the agent platform.

✓ Persistence & Privilege

The skill does not request persistent presence (always:false) and does not appear to modify other skills or system-wide agent configuration. It only contains a client library and documentation.

版本历史

v1.0.1

- No functional changes in this release. - Documentation updated: `to` parameter example in SMS requests changed from a Chinese phone number to a Singaporean phone number in the usage section.

v1.0.0

engagelab-sms 1.0.0 — Initial Release - Introduces skill for interacting with EngageLab SMS REST API. - Supports sending SMS messages, and creating, reading, updating, and deleting SMS templates and sender ID signatures. - Includes robust authentication instructions and example code in curl, Python, Node.js, Java, and Go. - Provides full endpoint references and in-depth usage documentation for all resource operations. - Features error code references and quick-access tables for status values.

元数据

Slug engagelab-sms

版本 1.0.1

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 2

常见问题

EngageLab SMS 是什么？

Call EngageLab SMS REST APIs to send SMS messages and manage SMS templates and signatures (sender IDs). Use this skill whenever the user wants to send an SMS... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 305 次。

如何安装 EngageLab SMS？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install engagelab-sms」即可一键安装，无需额外配置。

EngageLab SMS 是免费的吗？

是的，EngageLab SMS 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

EngageLab SMS 支持哪些平台？

EngageLab SMS 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 EngageLab SMS？

由 DevEngageLab（@devengagelab）开发并维护，当前版本 v1.0.1。

EngageLab SMS

EngageLab SMS API Skill

Resources

scripts/

references/

Authentication

Quick Reference — All Endpoints

Sending SMS

Request Body

Parameters

Template Variables

Response

Template Management

Key Rules

CRUD Summary

Signature (Sender ID) Management

Key Rules

CRUD Summary

Generating Code

Status Codes Reference

EngageLab SMS 是什么？

如何安装 EngageLab SMS？

EngageLab SMS 是免费的吗？

EngageLab SMS 支持哪些平台？

谁开发了 EngageLab SMS？

💬 留言讨论