首页 / 技能 / CMI CPaaS - WhatsApp OTP Sender — WhatsApp验证码

📦 CMI CPaaS - WhatsApp OTP Sender — WhatsApp验证码

v1.0.2

通过 CMI OmniChannel RCS API 向用户 WhatsApp 发送一次性验证码(OTP),用于登录、注册或身份验证场景,支持自动重试与状态回执。

0· 315·0 当前·0 累计
picccabo-art 头像by @picccabo-art (CMI CPaaS)
API工具安全自动化云服务
下载技能包
最后更新
2026/4/21
0
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
安全
high confidence
NULL
评估建议
This skill appears to do exactly what it claims, but it contains an explicit workaround that weakens network security: the Python script disables SSL certificate verification and the scripts avoid proxies to reach a server with a broken TLS configuration. Before installing or providing credentials: 1) Verify you trust the API provider (cpaas-rcs.cmidict.com) and the tenant you will use. 2) Prefer not to reuse long‑lived credentials; use short‑lived or scoped keys if possible and rotate them afte...
详细分析 ▾
用途与能力
Name/description match the included Python and shell scripts and the runtime instructions. The requested inputs (AccessKeyId, AccessKeySecret, ApplicationName, ApplicationSecret, recipient, OTP) are appropriate and required for the API calls the skill performs.
指令范围
SKILL.md and the scripts instruct the agent to clear proxy environment variables and to disable certificate verification / use a permissive SSL context to contact https://cpaas-rcs.cmidict.com:7081. These actions are outside normal best practices and reduce transport security (MITM risk), though they are documented and appear intended to work around a server with a bad TLS configuration.
安装机制
No install spec or external downloads; the skill is instruction+bundled local scripts only. No third‑party packages are fetched at install time (the Python script requires 'requests' but only checks for it at runtime).
凭证需求
The skill requires tenant credentials (AccessKeyId/AccessKeySecret and app secret) which are proportionate to sending OTPs. It does modify proxy environment variables within the process and the shell version uses curl --noproxy '*'; this affects only the process but may bypass corporate proxies and access controls — a security tradeoff explained in the SKILL.md.
持久化与权限
The skill is not always-enabled, does not request platform-level persistence, and does not modify other skills or system-wide agent settings.
安全有层次,运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.22026/3/6

NULL

可疑

安装命令

点击复制
官方npx clawhub@latest install whatsapp-otp
镜像加速npx clawhub@latest install whatsapp-otp --registry https://cn.longxiaskill.com
数据来源ClawHub ↗ · 中文优化:龙虾技能库