← 返回 Skills 市场
358
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install whatsapp-otp
功能描述
Send WhatsApp OTP (one-time password) messages via CMI OmniChannel RCS API. Use when user asks to send verification code, OTP, or authentication code via Wha...
安全使用建议
This skill appears to do exactly what it claims, but it contains an explicit workaround that weakens network security: the Python script disables SSL certificate verification and the scripts avoid proxies to reach a server with a broken TLS configuration. Before installing or providing credentials: 1) Verify you trust the API provider (cpaas-rcs.cmidict.com) and the tenant you will use. 2) Prefer not to reuse long‑lived credentials; use short‑lived or scoped keys if possible and rotate them after testing. 3) Run the scripts in a controlled/sandboxed environment first to confirm behavior. 4) Ask the provider to fix their certificate configuration so you can re-enable standard verification and proxy traversal. 5) Ensure the agent or environment won't log or leak the AccessKeySecret or ApplicationSecret (avoid pasting secrets into public chat). If you cannot accept disabling TLS verification or bypassing your corporate proxy, do not use this skill until the API endpoint is corrected or the scripts are adapted to your environment.
功能分析
Type: OpenClaw Skill
Name: whatsapp-otp
Version: 1.0.2
The skill bundle contains scripts (send_whatsapp_otp.py and send_whatsapp_otp.sh) that intentionally disable critical security controls to interact with the CMI OmniChannel RCS API (cpaas-rcs.cmidict.com:7081). Specifically, the Python script disables SSL certificate verification (CERT_NONE) and clears all system proxy environment variables. While these actions are documented in SKILL.md as workarounds for non-standard API configurations, they introduce significant vulnerabilities, such as susceptibility to Man-in-the-Middle (MitM) attacks, which could lead to the exposure of the sensitive API credentials requested from the user.
能力评估
Purpose & Capability
Name/description match the included Python and shell scripts and the runtime instructions. The requested inputs (AccessKeyId, AccessKeySecret, ApplicationName, ApplicationSecret, recipient, OTP) are appropriate and required for the API calls the skill performs.
Instruction Scope
SKILL.md and the scripts instruct the agent to clear proxy environment variables and to disable certificate verification / use a permissive SSL context to contact https://cpaas-rcs.cmidict.com:7081. These actions are outside normal best practices and reduce transport security (MITM risk), though they are documented and appear intended to work around a server with a bad TLS configuration.
Install Mechanism
No install spec or external downloads; the skill is instruction+bundled local scripts only. No third‑party packages are fetched at install time (the Python script requires 'requests' but only checks for it at runtime).
Credentials
The skill requires tenant credentials (AccessKeyId/AccessKeySecret and app secret) which are proportionate to sending OTPs. It does modify proxy environment variables within the process and the shell version uses curl --noproxy '*'; this affects only the process but may bypass corporate proxies and access controls — a security tradeoff explained in the SKILL.md.
Persistence & Privilege
The skill is not always-enabled, does not request platform-level persistence, and does not modify other skills or system-wide agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install whatsapp-otp - 安装完成后,直接呼叫该 Skill 的名称或使用
/whatsapp-otp触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Display name changed.
v1.0.1
- Added a new Security Considerations section describing SSL/TLS certificate handling and proxy environment clearing.
- Explained that the script uses a permissive SSL adapter to handle non-standard endpoint SSL settings.
- Documented that proxy variables are cleared to ensure direct connectivity to the API endpoint.
- Included recommendations and risk assessment for these security workarounds.
v1.0.0
Initial release of WhatsApp OTP sender skill.
- Sends WhatsApp OTP (one-time password) messages through the CMI OmniChannel RCS API.
- Requires API authentication credentials and uses a pre-configured message template.
- Guides user to provide required parameters: recipient phone number (without +) and OTP code.
- Phone number format, API endpoint, authentication, and response handling are detailed in documentation.
- Script automates sending OTP, including timestamp generation and credential use.
元数据
常见问题
CMI CPaaS - WhatsApp OTP Sender 是什么?
Send WhatsApp OTP (one-time password) messages via CMI OmniChannel RCS API. Use when user asks to send verification code, OTP, or authentication code via Wha... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 358 次。
如何安装 CMI CPaaS - WhatsApp OTP Sender?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install whatsapp-otp」即可一键安装,无需额外配置。
CMI CPaaS - WhatsApp OTP Sender 是免费的吗?
是的,CMI CPaaS - WhatsApp OTP Sender 完全免费(开源免费),可自由下载、安装和使用。
CMI CPaaS - WhatsApp OTP Sender 支持哪些平台?
CMI CPaaS - WhatsApp OTP Sender 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 CMI CPaaS - WhatsApp OTP Sender?
由 CMI CPaaS(@picccabo-art)开发并维护,当前版本 v1.0.2。
推荐 Skills