guolai806

login-digitalme

Author: GuoLai806 · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
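Total downloads: 89
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install login-digitalme
Description
Completes user login/registration with a mobile SMS verification code; includes two endpoints, one to send the code and one to log in with it.
Usage instructions (SKILL.md)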

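SMS verification code login

Log a user in quickly, or register them automatically, with a phone number and an SMS verification code.

When to use

Use this skill when the user asks to: send a phone verification code, log in with a phone number, log in with a verification code, or register with a phone number.

Prerequisites

  • The environment variable SMS_LOGIN_BASE_URL is set to the API server address
  • curl and jq are installed on the system

Step one: send the verification code

After confirming the phone number with the user, send the verification code: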

curl -s -X POST "${SMS_LOGIN_BASE_URL}/api/v1/auth/phone/send" \
  -H "Content-Type: application/json" \
  -d '{"phone": "'"${PHONE}"'"}' | jq .

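Interpreting the response

Condition | Meaning | Next step
code == 200 | Sent successfully | Tell the user to check their SMS, then go to step two
HTTP 400 | Invalid phone number format | Ask the user to check the number and re-enter it
code == 500 | Rate limiting or system error | Show the message content, retry later

Step two: log in with the verification code

After asking the user for the verification code from the SMS, send the login request: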

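# The token is read from data.token in the JSON body. Writing the cookie jar to
# stdout (-c -) would append it to the JSON that jq parses and print the full token.
curl -s -X POST "${SMS_LOGIN_BASE_URL}/api/v1/auth/phone/login" \
  -H "Content-Type: application/json" \
  -d '{"phone": "'"${PHONE}"'", "code": "'"${CODE}"'"}' | jq .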

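Interpreting the response

Condition | Meaning | Next step
code == 200 | Login succeeded | Extract the token from data.token; later requests use Authorization: Bearer <token>
HTTP 400 | Missing or malformed parameters | Ask the user to re-enter
code == 401 | Verification code wrong or expired | Suggest the user request a new code, back to step one

On successful login, the response headers set Set-Cookie: token=<value>; in browser scenarios the session is maintained automatically.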


Rules

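  • The phone number must be explicitly provided by the user; guessing or auto-filling it is forbidden
  • The verification code must be entered manually by the user; attempting to obtain it automatically or to brute-force it is forbidden
  • Do not send a verification code to the same phone number more than once within 60 seconds
  • Do not expose the full token in output; show at most the first 20 characters followed by an ellipsis
  • Mainland China phone numbers are 11 digits and start with 1; validate the format before sending
  • On login failure, the specific error message must be shown to the user
Security usage recommendations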
This skill's behavior (calling an SMS API via SMS_LOGIN_BASE_URL) matches its description, but the package metadata incorrectly lists a required environment variable named '180.184.28.174:30080' and marks that as the primary credential. Before installing or using it: 1) ask the author to correct the metadata so the required env var is SMS_LOGIN_BASE_URL (not an IP literal), and confirm what backend that variable should point to; 2) verify the API host is trusted (don't point SMS_LOGIN_BASE_URL to an unknown IP); 3) avoid supplying high-privilege credentials or tokens unless the service is verified; 4) because the skill comes from an unknown source with no homepage, prefer to test it in an isolated/dev environment and inspect network calls; and 5) require the skill to explicitly document how tokens are stored/used to ensure they won't be exfiltrated. These inconsistencies make the package suspicious rather than clearly benign.
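The SKILL.md rules and the recommendation above about the API host, combined into pre-flight checks that gate step one (an added example, not part of the skill or of this listing). The helper names and the SMS_STATE_DIR state directory are assumptions; the endpoint, SMS_LOGIN_BASE_URL and the 60-second and 20-character limits come from the text.

```shell
#!/bin/sh
# Added example, not the skill's code. Helper names and SMS_STATE_DIR are assumed.

# Rule: mainland China numbers are 11 digits and start with 1.
valid_phone() {
  case "$1" in
    ""|*[!0-9]*) return 1 ;;
    1*) [ "${#1}" -eq 11 ] ;;
    *) return 1 ;;
  esac
}

# Scan advice: accept only https:// with a host name, never a raw IP literal.
trusted_base_url() {
  local host
  case "$1" in https://?*) ;; *) return 1 ;; esac
  host=${1#https://}; host=${host%%/*}; host=${host%%:*}
  case "$host" in
    ""|*[!A-Za-z0-9.-]*) return 1 ;;  # empty, userinfo '@', IPv6 '[' ...
    *[!0-9.]*) return 0 ;;            # has a letter or hyphen: a host name
    *) return 1 ;;                    # digits and dots only: IPv4 literal
  esac
}

# Rule: show at most the first 20 characters of a token plus an ellipsis.
mask_token() {
  if [ "${#1}" -gt 20 ]; then printf '%.20s...\n' "$1"; else printf '...\n'; fi
}

# Rule: no repeat send to one number within 60 seconds. $2 overrides "now".
may_send() {
  local dir now last
  valid_phone "$1" || return 1        # also keeps the state file name safe
  dir="${SMS_STATE_DIR:-${TMPDIR:-/tmp}/sms-login-state}"
  now="${2:-$(date +%s)}"
  mkdir -p "$dir" || return 1
  last=$(cat "$dir/$1" 2>/dev/null || echo 0)
  [ $((now - ${last:-0})) -ge 60 ] || return 1
  echo "$now" > "$dir/$1"
}

# Step one, gated by the checks above; jq builds the body so the value is escaped.
send_code() {
  trusted_base_url "${SMS_LOGIN_BASE_URL:-}" || { echo "untrusted base URL" >&2; return 2; }
  may_send "$1" || { echo "invalid number or 60 s cool-down" >&2; return 3; }
  curl -s -X POST "${SMS_LOGIN_BASE_URL}/api/v1/auth/phone/send" \
    -H "Content-Type: application/json" \
    -d "$(jq -n --arg phone "$1" '{phone: $phone}')" | jq .
}
```

SMS_STATE_DIR should be readable only by the agent's own user, since its file names are phone numbers.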
Functional analysis
Type: OpenClaw Skill
Name: login-digitalme
Version: 1.0.0

The skill implements an SMS-based login flow that transmits sensitive user information (phone numbers and verification codes) to a hardcoded IP address (180.184.28.174:30080) via curl in SKILL.md. The use of a raw IP address and the likely transmission of credentials over unencrypted HTTP (as implied by the port and lack of HTTPS in the base URL) constitutes a significant security vulnerability. While the skill includes defensive instructions for the agent, such as not guessing phone numbers or exposing full tokens, the insecure transport of authentication data is a high-risk behavior.
Capability assessment
Purpose & Capability
The SKILL.md behavior (using curl+jq to call an API at SMS_LOGIN_BASE_URL to send/login with SMS codes) is coherent for an SMS-login helper. However, the declared required env var and primaryEnv are set to the literal '180.184.28.174:30080' (an IP:port), which does not match the SKILL.md's documented SMS_LOGIN_BASE_URL. That mismatch is unexpected and disproportionate to the stated purpose.
Instruction Scope
The instructions are narrowly scoped: confirm phone from user, POST to /send and /login endpoints, parse JSON with jq, extract token from data.token, and avoid exposing full tokens. They explicitly forbid guessing phones or auto-enumerating codes. They reference only SMS_LOGIN_BASE_URL, PHONE, and CODE at runtime.
Install Mechanism
Instruction-only skill with no install spec and no code files; required binaries are only curl and jq. This is low install risk and appropriate for a curl-based API helper.
Credentials
The skill declares a required env var named '180.184.28.174:30080' and lists that as primaryEnv, but SKILL.md expects SMS_LOGIN_BASE_URL. Requiring an IP:port string as an env var name is incoherent and may indicate misconfiguration or a hidden intent to force use of a specific backend. No credentials (API keys) are requested, which is reasonable, but the incorrect env-var declaration is a red flag.
Persistence & Privilege
The skill does not request persistent/always-on presence and does not write installs or system configs; autonomous invocation is allowed (platform default) but not combined with other high-privilege requests.
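How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install login-digitalme
  3. Once installed, call the Skill by name or trigger it with /login-digitalme
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history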
v1.0.0
Initial release of SMS-based login/register skill.
  • Enables user login and registration via SMS verification code.
  • Provides commands for sending verification codes and logging in with code.
  • Includes clear error handling and user guidance for each step.
  • Enforces input validation and security-minded output rules.
  • Requires environment variable configuration and curl, jq dependencies.
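Metadata
Slug: login-digitalme
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 1
FAQ

What is login-digitalme?

Completes user login/registration with a mobile SMS verification code; includes two endpoints, one to send the code and one to log in with it. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 89 total downloads so far.

How do I install login-digitalme?

Run the command "/install login-digitalme" in the OpenClaw or Claude Code chat box for one-click installation; no extra configuration is needed.

Is login-digitalme free?

Yes, login-digitalme is completely free, under the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does login-digitalme support?

login-digitalme runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed login-digitalme?

Developed and maintained by GuoLai806 (@guolai806); the current version is v1.0.0.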
