Security Scan
OpenClaw
Suspicious
medium confidence
Assessment and recommendations
This skill implements a full Signal bot using signal-cli and local scripts. Before installing:
- Be prepared to install signal-cli, Java (OpenJDK 21+), and ffmpeg manually; the registry metadata does not list these but the SKILL.md requires them.
- Keep your WAKE_URL and WAKE_TOKEN private; set WAKE_URL to your local OpenClaw endpoint where possible. If WAKE_URL points to a remote host, validate the remote endpoint — the script will trigger it when messages arrive.
- Understand the permissions.j...
ℹ Purpose and capabilities
The name/description match what the files actually implement (signal-cli-based send/receive, transcription, TTS, role-based permissions). However the registry metadata declares no required binaries/env while SKILL.md and the scripts clearly require signal-cli, Java (OpenJDK 21+), ffmpeg and (optionally) Whisper/TTS services and a phone number — a mismatch that could mislead non-technical users.
ℹ Instruction scope
The runtime instructions and scripts stay largely within messaging scope: polling via signal-cli, writing per-contact conversation logs, flagging pending wakes, triggering the OpenClaw wake hook, and sending messages. They also automatically send read/viewed receipts for voice messages and log full message bodies to local files. The scripts reference local attachment paths and optional STT/TTS endpoints (curl to local inference servers) — there is no direct hidden exfiltration in the code, but message contents are persisted locally and the skill triggers an external hook when configured.
✓ Install mechanism
There is no automated install spec (instruction-only). SKILL.md includes manual install instructions (download GitHub release tarball, move binaries to /usr/local or user dir) which is normal for signal-cli; nothing in the skill automatically downloads or executes additional remote code during install.
⚠ Credential requirements
The skill does not declare any required environment variables in the registry, yet the instructions and scripts rely on configurable tokens/paths: SIGNAL_NUMBER, SIGNAL_CLI path, STATE_DIR, WAKE_URL and WAKE_TOKEN (hook auth), and optional Whisper/TTS endpoints or API keys. WAKE_TOKEN in particular is used as a Bearer header when the script triggers a webhook; if WAKE_URL points to a remote endpoint this could allow remote actors (if misconfigured) to cause the agent to process message contents. The permissions model also grants an 'owner' contact the ability to instruct the agent to execute commands and modify files — a high privilege that must be given intentionally.
ℹ Persistence and privileges
The skill persists data under ~/.signal-state (conversation logs, monitor/debug/triage logs, pending_wakes). It does not set always:true and does not modify other skills' configs. The documented permission tiers explicitly allow an 'owner' to instruct the agent to run commands/mutate files; this is part of the feature but doubles as a high-risk capability if ownership is misassigned.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/2/22
● Suspicious
Install command
Official: npx clawhub@latest install signal-messenger-standalone
Mirror (accelerated): npx clawhub@latest install signal-messenger-standalone --registry https://cn.longxiaskill.com