whatsapp-otp

Send WhatsApp OTP (one-time password) messages via CMI OmniChannel RCS API. Use when user asks to send verification code, OTP, or authentication code via WhatsApp. This skill requires authentication credentials and uses a pre-configured template.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "whatsapp-otp" with this command: npx skills add picccabo-art/whatsapp-otp

WhatsApp OTP Sender

Purpose

Send one-time password (OTP) messages through WhatsApp using the CMI OmniChannel RCS platform.

Quick Start

When user requests to send a WhatsApp OTP:

  1. Ask for credentials (if not already provided):

    • AccessKeyId
    • AccessKeySecret
    • ApplicationName (default: "default")
    • ApplicationSecret

  2. Ask for required parameters:

    • To: Recipient phone number with country code, no + prefix (e.g., 8613800138000)
    • otp_code: The verification code to send (e.g., "123456")

    Important phone number format:

    • From (sender): +8618247665684 (with + prefix)
    • To (recipient): 8613800138000 (without + prefix)

  3. Use the script: Call the Python script to send the message

    python scripts/send_whatsapp_otp.py \
  --access-key-id "$ACCESS_KEY_ID" \
  --access-key-secret "$ACCESS_KEY_SECRET" \
  --app-name "$APPLICATION_NAME" \
  --app-secret "$APPLICATION_SECRET" \
  --to "$TO_NUMBER" \
  --otp "$OTP_CODE"

Fixed Configuration

  • Template Name: test_otp_cn_111501 (pre-configured in backend)
  • From Number: +8618247665684 (with + prefix)
  • Type: template
  • Language: zh_CN
  • Components:
    • body: Contains OTP code parameter
    • button: URL button with index 0

API Endpoint

  • URL: https://cpaas-rcs.cmidict.com:7081/singleSend
  • Method: POST
  • Headers: Content-Type: application/json

Security Considerations

Important Notes:

  1. SSL Certificate Verification: The script uses a custom SSL adapter with permissive settings (check_hostname=False, verify_mode=CERT_NONE) to connect to the API endpoint. This is necessary because the CMI OmniChannel RCS API endpoint (cpaas-rcs.cmidict.com:7081) has a non-standard SSL/TLS configuration that causes connection failures with standard verification.

  2. Proxy Settings: The script clears all proxy environment variables (http_proxy, https_proxy, etc.) to ensure direct connection to the API endpoint. This is required because:

    • The API endpoint may not be accessible through certain proxies
    • Proxy configurations in user environments can cause connection timeouts
    • Direct connection provides more reliable operation

Security Impact: These configurations are evaluated as medium risk. The script only affects communication with this specific API endpoint and does not impact other connections.

Recommendation: Work with your operations team to:

  1. Investigate the SSL/TLS configuration of cpaas-rcs.cmidict.com:7081
  2. Test if the API endpoint is accessible through your corporate proxy
  3. Request the API provider to fix their certificate configuration
  4. Re-enable standard SSL verification and proxy support once the endpoint is compliant

Current Workaround: The script includes inline comments documenting the reasoning for these security settings.

Authentication

This API uses tenant-based authentication:

  • AccessKeyId: Tenant identifier (e.g., PAID_1881A95CE7AEDA00H204B)
  • AccessKeySecret: Tenant secret key (Base64 encoded)
  • Timestamp: Auto-generated by script (ISO8601 UTC format, valid for 15 minutes)

Important: Do NOT manually provide timestamp. The script will generate it automatically at runtime.

Response

Successful response (Code: 0):

{
  "Code": 0,
  "Message": "OK",
  "Timestamp": "2023-01-01T12:00:00Z",
  "From": "+8618247665684",
  "To": "8613800138000",
  "BizId": "MDPG177BBCFD8301E42FH144E"
}

Error response (Code != 0):

{
  "Code": 11998,
  "Message": "ERRCODE_invalid_parameter 120",
  "Timestamp": "2023-08-17T10:01:49Z"
}

Usage Example

User: "Send a WhatsApp OTP to 8614749386918 with code 123456"

Assistant: "I'll need your API credentials to send the WhatsApp OTP. Please provide:

  • AccessKeyId
  • AccessKeySecret
  • ApplicationName (or use 'default')
  • ApplicationSecret"

[User provides credentials]

[Assistant calls the script and reports result]

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

Olares Market (olares-cli market)

olares-cli market command tree against the per-user Market app-store v2 API: list / get / categories for catalog browsing; install / uninstall / upgrade / cl...

Registry SourceRecently Updated
180pengpeng
Coding

Mistral Mcp Openclaw

Configure OpenClaw to use the community mistral-mcp stdio server for Mistral OCR, Codestral FIM, Voxtral audio, durable workflows, moderation, classification...

Registry SourceRecently Updated
731swih
Coding

Web Design Lead Qualifier

Research and score prospective web design clients. Crawl their site, assess fit, and produce a qualification report. Use when asked to qualify a lead, resear...

Registry SourceRecently Updated
31099rebels
Coding

Olares Shared (olares-cli foundation)

Shared olares-cli foundation: profile model, first-time login (profile login with password + TOTP), bootstrapping a profile from an existing refresh token (p...

Registry SourceRecently Updated
160pengpeng