
      Safety Report

      Poke Bridge

      @g9pedro

      Send SMS/iMessage to the user via Poke and process inbound Poke events. Use when the user asks to be texted, for SMS-based alerts, when processing events for...

      120 Downloads
      0 Installs
      0 Stars
      3 Versions
      Calendar & Scheduling (2,920), Notifications & Alerts (1,853)

      Security Analysis

      medium confidence
      Suspicious, 0.08 risk

      The skill's instructions generally match a Poke ↔ OpenClaw bridge, but it tells you to install an unverified npm package, create persistent systemd services, and apply inline sed patches to installed binaries and node_modules — actions that are risky and deserve review before running.

      Mar 20, 2026 · 1 file · 5 concerns

      Purpose & Capability: note

      Name/description align with the instructions: the SKILL.md details connecting an OpenClaw agent to a Poke relay, running an MCP server, and sending/receiving SMS. Requiring access to openclaw.json (gateway ports/tokens) and running a tunnel/service is coherent with that purpose.

      Instruction Scope: concern

      Instructions go beyond simple configuration: they read/write openclaw.json, create and enable systemd services, invoke global npm installs and npx setup, and explicitly patch binaries and node_modules via sed. The binary/library patching is broad, invasive, and modifies installed code on disk — scope creep relative to a purely messaging bridge.

      Install Mechanism: concern

      There is no registry install spec recorded; instead the SKILL.md instructs the operator to run `npm install -g openclaw-poke` and `npx openclaw-poke setup`. Pulling and running an unverified npm package is moderate risk. The included sed-based patches that alter CLI and SDK files are high risk because they edit installed artifacts in-place.

      Credentials: note

      The skill declares no required env vars, which matches the metadata. It does rely on reading/writing openclaw.json and on obtaining a Poke API key or OAuth. Access to openclaw.json may expose gateway/hook tokens; that is relevant to operation but should be reviewed before granting.

      Persistence & Privilege: concern

      The setup creates persistent user systemd services and a long-running tunnel process, giving ongoing presence on the host. While expected for a tunnel, combined with in-place binary and module patches this grants substantial persistent modification of the environment and warrants caution.

      Guidance

      Before installing or running these instructions:

      1) Inspect the openclaw-poke npm package source (or run it in an isolated VM/container); do not blindly run global npm installs from unknown publishers.
      2) Back up any files the guide will modify (openclaw.json, the poke binary, node_modules) and verify the sed replacement strings are correct; consider asking the maintainer for an official fix rather than patching binary files.
      3) Prefer OAuth rather than pasting API keys when possible, and review what data in openclaw.json will be read/written (it may contain bearer tokens).
      4) Review the systemd unit content before enabling it; running a persistent service is expected but increases exposure.
      5) If you cannot validate the npm package and the patch steps, consider using the alternative manual registration with a secure tunnel provider (Tailscale/ngrok) or ask for an audited release.
      6) If you proceed, run the setup with least privilege (user-level, not root) and monitor changes (file diffs, service activation).

      Latest Release

      v0.6.5

      Auto-patches Poke SDK tunnel bug, auto-starts tunnel systemd service, README rewritten, versions synced


      Published by @g9pedro on ClawHub
