惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

SecWiki News
SecWiki News
量子位
The Cloudflare Blog
美团技术团队
T
The Exploit Database - CXSecurity.com
博客园 - 【当耐特】
Spread Privacy
Spread Privacy
P
Proofpoint News Feed
C
CXSECURITY Database RSS Feed - CXSecurity.com
博客园 - 三生石上(FineUI控件)
T
Tor Project blog
博客园 - 司徒正美
宝玉的分享
宝玉的分享
T
Threatpost
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Secure Thoughts
T
Threat Research - Cisco Blogs
Hacker News: Ask HN
Hacker News: Ask HN
Jina AI
Jina AI
博客园 - 聂微东
A
Arctic Wolf
I
Intezer
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Know Your Adversary
Know Your Adversary
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
爱范儿
爱范儿
Hugging Face - Blog
Hugging Face - Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
小众软件
小众软件
T
Tailwind CSS Blog
The Hacker News
The Hacker News
L
LINUX DO - 最新话题
Hacker News - Newest:
Hacker News - Newest: "LLM"
WordPress大学
WordPress大学
S
SegmentFault 最新的问题
TaoSecurity Blog
TaoSecurity Blog
Project Zero
Project Zero
博客园 - 叶小钗
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Cloudbric
Cloudbric
雷峰网
雷峰网
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
大猫的无限游戏
大猫的无限游戏
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Troy Hunt's Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
V2EX - 技术
V2EX - 技术
The GitHub Blog
The GitHub Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Privacy & Cybersecurity Law Blog

Recent Commits to openclaw:main

test: merge chat side-result checks · openclaw/openclaw@ddd2c2a test: merge cron history checks · openclaw/openclaw@f7eb746 test: merge responsive navigation shell checks · openclaw/openclaw@c2e4b47 docs(changelog): add codex oauth fixes · openclaw/openclaw@628e6cd test: merge navigation routing cases · openclaw/openclaw@5d8cecb Tests: mock channel registry bundled fallback · openclaw/openclaw@2b08233 Secrets: avoid broad web search discovery for single plugin config · openclaw/openclaw@a464f59 test: merge config view browser checks · openclaw/openclaw@20cf511 fix(status): align oauth health with runtime · openclaw/openclaw@eed7116 feat: add macOS screen snapshots for monitor preview (#67954) thanks … · openclaw/openclaw@f377db1 fix: report shared auth scopes in hello-ok (#67810) thanks @BunsDev · openclaw/openclaw@0b6c39b Auto-reply: avoid eager bundled route fallback · openclaw/openclaw@3ea1bf4 Tests: narrow session binding contract setup · openclaw/openclaw@54e4e16 fix(macOS): enable undo/redo in webchat composer text input (#34962) · openclaw/openclaw@00951dc Tests: speed up channel setup promotion · openclaw/openclaw@82b529a Docs: refresh agent instructions · openclaw/openclaw@5775fe2 fix(auth): serialize OAuth refresh across agents to fix #26322 (#67876) · openclaw/openclaw@8e79080 test: allow ollama public surface boundary test · openclaw/openclaw@7d4f1a6 Docs: add test performance guardrails · openclaw/openclaw@89706d3 Tests: restore context-engine usage proof · openclaw/openclaw@e4c4f95 Tests: slim context engine runtime coverage · openclaw/openclaw@74c198f ci: retry failed custom checkouts · openclaw/openclaw@0ee5baf test: trim duplicate provider auth onboarding cases · openclaw/openclaw@1ffc02e matrix: fix sessions_spawn --thread subagent session spawning (#67643) · openclaw/openclaw@1ce2596 test: reduce auth choice fixture churn · openclaw/openclaw@857b9cd test: mock health status config boundaries · openclaw/openclaw@9d5ab4a test: mock onboard config io boundary · openclaw/openclaw@299694d test: mock legacy state plugin boundaries · openclaw/openclaw@2713089 test: mock channel install boundaries · openclaw/openclaw@b945248 test: mock doctor preview channel boundaries · openclaw/openclaw@b1a3ad4 test: trim doctor command hotspots · openclaw/openclaw@c66f16a test: isolate agent auth and spawn hotspots · openclaw/openclaw@9285935 test: stabilize MCP startup disposal race · openclaw/openclaw@dd9d2eb test: merge browser contract server suites · openclaw/openclaw@5817a76 test: narrow ollama provider discovery setup · openclaw/openclaw@a0d9598 build: declare qa-lab aimock runtime dependency · openclaw/openclaw@24431e5 test: speed up safe-bins exec harness · openclaw/openclaw@ee856ab test: preserve tool helpers in embedded runner mocks · openclaw/openclaw@acd86a0 refactor: move memory embeddings into provider plugins · openclaw/openclaw@77e6e4c test: reuse system-run temp fixtures · openclaw/openclaw@7e9ff0f test: trim hotspot wait overhead · openclaw/openclaw@12a59b0 Check: avoid duplicate boundary prep · openclaw/openclaw@baf11b8 test: reduce hotspot fixture overhead · openclaw/openclaw@3a59edd feat(ui): overhaul settings and slash command UX (#67819) thanks @Bun… · openclaw/openclaw@2cfb660 QA Matrix: exit cleanly on failure · openclaw/openclaw@42805d2 QA Matrix: isolate scenario coverage · openclaw/openclaw@7e659e1 Matrix: refresh crypto bootstrap state · openclaw/openclaw@94081d8 QA Lab: add provider registry · openclaw/openclaw@bb7e982 Matrix: add plugin changelog · openclaw/openclaw@4acab55 test: trim more hotspot overhead · openclaw/openclaw@f485311 test: trim remaining hotspot tests · openclaw/openclaw@6ba8626 test: narrow hotspot mocks · openclaw/openclaw@dbc8179 test: isolate gemini embedding request helpers · openclaw/openclaw@cd330f5 test: trim memory and mcp hotspots · openclaw/openclaw@fd48dfa test: slim provider registry mocks · openclaw/openclaw@2e08c77 test: harden Parallels update smoke · openclaw/openclaw@1a98090 feat: default Anthropic to Opus 4.7 · openclaw/openclaw@628b454 fix: harden node-host shell payload mutability checks · openclaw/openclaw@75c551e fix: land node-host approval binding for native binaries (#66731) (th… · openclaw/openclaw@29919bb CI: add daily schedule to CodeQL workflow (#67645) · openclaw/openclaw@69d25f5 fix(gateway): capture config hash after plugin auto-enable to prevent… · openclaw/openclaw@8c11210 fix: repair sanitized replay tool results before send (#67620) (thank… · openclaw/openclaw@c3c7a99 fix: restrict HTML timeout short-circuit to transient statuses · openclaw/openclaw@de129a6 fix: keep TUI watchdog bound to active run (#67401) (thanks @xantorres) · openclaw/openclaw@3525273 Gateway/skills: dedupe skills prefix-match + drop dead fallback on log · openclaw/openclaw@d7f489f Extensions/lmstudio: back off inference preload after consecutive fai… · openclaw/openclaw@b555214 TUI/streaming: add watchdog that resets the activity indicator after … · openclaw/openclaw@f44ab20 Agents/tool-loop: enable unknown-tool stream guard by default · openclaw/openclaw@36ed367 Gateway/skills: invalidate session skills snapshot on config write · openclaw/openclaw@b23d59a fix: classify HTML provider error pages correctly (#67642) (thanks @s… · openclaw/openclaw@e588e90 fix(skills): remove unused model-usage import (#67641) · openclaw/openclaw@55f05df docs(changelog): credit codex fix superseded PRs · openclaw/openclaw@e485f24 fix(openai-codex): normalize stale transport metadata in resolution a… · openclaw/openclaw@90801ba CI: pin Docker-related GitHub Actions (#67632) · openclaw/openclaw@f697b01 Android: modernize WebView and discovery API usage (#67627) · openclaw/openclaw@44a6e50 fix(deps): bump hono to 4.12.14 and @hono/node-server to 1.19.14 (GHS… · openclaw/openclaw@fbccc18 fix(deps): bump dompurify to 3.4.0 (#67614) · openclaw/openclaw@2c2dc00 CI: add explicit permissions to all workflow jobs (fixes code-scannin… · openclaw/openclaw@01b7516 fix: register bundled TTS providers and route overrides correctly (#6… · openclaw/openclaw@6ea3cdd fix: align host tilde paths with OS home (#62804) (thanks @stainlu) · openclaw/openclaw@ecfaf64 fix: flush creds queue before reconnect socket open (#67464) (thanks … · openclaw/openclaw@405c63f fix: strip standalone <function> tool call tags from visible text (#6… · openclaw/openclaw@78df859 fix(agents): preserve cli session metadata before transcript persist … · openclaw/openclaw@898fd04 docs(changelog): move cli transcript entry · openclaw/openclaw@c1817c6 fix(agents): normalize cli transcript api field · openclaw/openclaw@3a3fae0 docs(changelog): note cli transcript persistence · openclaw/openclaw@6c343f1 fix(agents): persist cli transcript turns · openclaw/openclaw@b8ef507 fix(msteams): harden security-sensitive flows (#65841) · openclaw/openclaw@c56b56e [Dashboard] Fix exec approval modal overflow for long command content… · openclaw/openclaw@053c5b0 Docs: remove QA changelog entry · openclaw/openclaw@7fd5771 QA: fix private runtime source loading (#67428) · openclaw/openclaw@d5933af docs(gateway): correct protocol.md schema path, hello-ok example, aut… · openclaw/openclaw@489404d CI: pin Node 22 runners to 22.18.0 · openclaw/openclaw@4ffa621 models.authStatus: normalize provider ids + tighten env-backed escape… · openclaw/openclaw@f2fdb9d Update CHANGELOG.md · openclaw/openclaw@7694a92 test(parallels): clean up npm update guard jobs · openclaw/openclaw@045ea7b Plugins: prefer scanDir override paths · openclaw/openclaw@b2974da fix(dreaming): default storage.mode to "separate" so phase blocks sto… · openclaw/openclaw@8c392f0 fix(memory-core): skip dreaming transcript ingestion via session stor… · openclaw/openclaw@a1b01f0 fix: dedupe replayed exec.finished node events (#67281) · openclaw/openclaw@5dcf526
docs: expand SMS channel setup guide · openclaw/openclaw@ea11b8a
steipete · 2026-05-31 · via Recent Commits to openclaw:main

@@ -20,15 +20,35 @@ OpenClaw can receive and send SMS through a Twilio phone number or Messaging Ser

2020

</Card>

2121

</CardGroup>

222223-

## Quick setup

23+

## Before you begin

24+25+

You need:

26+27+

- A Twilio account with an SMS-capable phone number, or a Twilio Messaging Service.

28+

- The Twilio Account SID and Auth Token.

29+

- A public HTTPS URL that reaches your OpenClaw Gateway.

30+

- A sender policy choice: `pairing` for private use, `allowlist` for preapproved phone numbers, or `open` only for intentionally public SMS access.

31+32+

Use one Twilio number for both SMS and Voice Call if the number has both capabilities. Configure the SMS webhook and Voice webhook separately in Twilio; this page only covers the SMS webhook.

33+34+

## Quick Setup

24352536

<Steps>

2637

<Step title="Create or choose a Twilio sender">

27-

In Twilio, choose an SMS-capable phone number or Messaging Service. Save the Account SID, Auth Token, and sender value.

38+

In Twilio, open **Phone Numbers > Manage > Active numbers** and choose an SMS-capable number. Save:

39+40+

- Account SID, for example `ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`

41+

- Auth Token

42+

- Sender phone number, for example `+15551234567`

43+44+

If you use a Messaging Service instead of a fixed sender number, save the Messaging Service SID, for example `MGxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`.

45+2846

</Step>

29473048

<Step title="Configure the SMS channel">

314950+

Save this as `sms.patch.json5` and change the placeholders:

51+3252

```json5

3353

{

3454

channels: {

@@ -44,13 +64,17 @@ OpenClaw can receive and send SMS through a Twilio phone number or Messaging Ser

4464

}

4565

```

466647-

Env fallbacks for the default account:

48-

`TWILIO_ACCOUNT_SID`, `TWILIO_AUTH_TOKEN`, `TWILIO_PHONE_NUMBER` or `TWILIO_SMS_FROM` or `TWILIO_MESSAGING_SERVICE_SID`, and `SMS_PUBLIC_WEBHOOK_URL`.

67+

Apply it:

68+69+

```bash

70+

openclaw config patch --file ./sms.patch.json5 --dry-run

71+

openclaw config patch --file ./sms.patch.json5

72+

```

49735074

</Step>

51755276

<Step title="Point Twilio at the Gateway webhook">

53-

Set the Twilio Messaging webhook for incoming messages to:

77+

In the Twilio phone number settings, open **Messaging** and set **A message comes in** to:

54785579

```text

5680

https://gateway.example.com/webhooks/sms

@@ -64,6 +88,11 @@ https://gateway.example.com/webhooks/sms

64886589

```bash

6690

openclaw gateway

91+

```

92+93+

Send a text message to the Twilio number. The first message creates a pairing request. Approve it:

94+95+

```bash

6796

openclaw pairing list sms

6897

openclaw pairing approve sms <CODE>

6998

```

@@ -73,47 +102,159 @@ openclaw pairing approve sms <CODE>

73102

</Step>

74103

</Steps>

7510476-

## Access control

105+

## Configuration Examples

7710678-

`channels.sms.dmPolicy` controls direct SMS access:

107+

### Config file

7910880-

- `pairing` (default)

81-

- `allowlist` (requires at least one sender in `allowFrom`)

82-

- `open` (requires `allowFrom` to include `"*"`)

83-

- `disabled`

109+

Use config-file setup when you want the channel definition to travel with the Gateway config:

8411085-

`allowFrom` entries should be E.164 phone numbers such as `+15551234567`. `sms:` prefixes are accepted and normalized. For a private assistant, prefer `dmPolicy: "allowlist"` with explicit phone numbers.

111+

```json5

112+

{

113+

channels: {

114+

sms: {

115+

enabled: true,

116+

accountSid: "ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",

117+

authToken: "twilio-auth-token",

118+

fromNumber: "+15551234567",

119+

publicWebhookUrl: "https://gateway.example.com/webhooks/sms",

120+

dmPolicy: "pairing",

121+

},

122+

},

123+

}

124+

```

8612587-

## Sending SMS

126+

### Environment variables

8812789-

Outbound SMS targets use the `sms:` service prefix with the SMS channel selected:

128+

Use env setup for single-account deployments where secrets come from the host environment:

9012991130

```bash

92-

openclaw message send --channel sms --target sms:+15551234567 --message "hello"

131+

export TWILIO_ACCOUNT_SID="ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

132+

export TWILIO_AUTH_TOKEN="<twilio-auth-token>"

133+

export TWILIO_PHONE_NUMBER="+15551234567"

134+

export SMS_PUBLIC_WEBHOOK_URL="https://gateway.example.com/webhooks/sms"

93135

```

9413695-

When channel selection is implicit, `twilio-sms:+15551234567` selects this channel without taking over the existing channel-owned `sms:` service prefix used by iMessage.

137+

Then enable the channel in config:

9613897-

Agent replies from inbound SMS conversations automatically go back to the sender through the configured Twilio sender.

139+

```json5

140+

{

141+

channels: {

142+

sms: {

143+

enabled: true,

144+

dmPolicy: "pairing",

145+

},

146+

},

147+

}

148+

```

149+150+

`TWILIO_SMS_FROM` is accepted as an alias for `TWILIO_PHONE_NUMBER`. Use `TWILIO_MESSAGING_SERVICE_SID` instead of a phone-number sender when Twilio should choose the sender from a Messaging Service.

151+152+

### Allowlist-only private number

153+154+

Use `allowlist` when only known phone numbers should be able to talk to the agent:

155+156+

```json5

157+

{

158+

channels: {

159+

sms: {

160+

enabled: true,

161+

accountSid: "ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",

162+

authToken: "twilio-auth-token",

163+

fromNumber: "+15551234567",

164+

publicWebhookUrl: "https://gateway.example.com/webhooks/sms",

165+

dmPolicy: "allowlist",

166+

allowFrom: ["+15557654321"],

167+

},

168+

},

169+

}

170+

```

9817199-

Set `channels.sms.defaultTo` when operator-initiated sends should have a default phone number if no explicit target is provided.

172+

### Messaging Service sender

100173101174

Use `messagingServiceSid` instead of `fromNumber` when Twilio should choose the sender through a Messaging Service:

102175103176

```json5

104177

{

105178

channels: {

106179

sms: {

180+

enabled: true,

107181

accountSid: "ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",

108182

authToken: "twilio-auth-token",

109183

messagingServiceSid: "MGxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",

110184

publicWebhookUrl: "https://gateway.example.com/webhooks/sms",

185+

dmPolicy: "pairing",

111186

},

112187

},

113188

}

114189

```

115190116-

If both are present after defaults/env resolution, `fromNumber` is used.

191+

If both `fromNumber` and `messagingServiceSid` are present after config and env resolution, `fromNumber` is used.

192+193+

### Default outbound target

194+195+

Set `defaultTo` when automation or agent-initiated delivery should have a default destination if a send flow omits an explicit target:

196+197+

```json5

198+

{

199+

channels: {

200+

sms: {

201+

enabled: true,

202+

accountSid: "ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",

203+

authToken: "twilio-auth-token",

204+

fromNumber: "+15551234567",

205+

defaultTo: "+15557654321",

206+

publicWebhookUrl: "https://gateway.example.com/webhooks/sms",

207+

},

208+

},

209+

}

210+

```

211+212+

## Access control

213+214+

`channels.sms.dmPolicy` controls direct SMS access:

215+216+

- `pairing` (default)

217+

- `allowlist` (requires at least one sender in `allowFrom`)

218+

- `open` (requires `allowFrom` to include `"*"`)

219+

- `disabled`

220+221+

`allowFrom` entries should be E.164 phone numbers such as `+15551234567`. `sms:` prefixes are accepted and normalized. For a private assistant, prefer `dmPolicy: "allowlist"` with explicit phone numbers.

222+223+

## Sending SMS

224+225+

Outbound SMS targets use the `sms:` service prefix with the SMS channel selected:

226+227+

```bash

228+

openclaw message send --channel sms --target sms:+15551234567 --message "hello"

229+

```

230+231+

When channel selection is implicit, `twilio-sms:+15551234567` selects this channel without taking over the existing channel-owned `sms:` service prefix used by iMessage.

232+233+

```bash

234+

openclaw message send --target twilio-sms:+15551234567 --message "hello"

235+

```

236+237+

The CLI requires an explicit `--target`. `defaultTo` is for automation and agent-initiated delivery paths where the target can be resolved from channel config.

238+239+

Agent replies from inbound SMS conversations automatically go back to the sender through the configured Twilio sender.

240+241+

SMS output is plain text. OpenClaw strips markdown, flattens fenced code blocks, preserves readable links, and chunks long replies before sending them through Twilio.

242+243+

## Verify Setup

244+245+

After the Gateway starts:

246+247+

1. Confirm the Gateway log shows the SMS webhook route.

248+

2. Send an SMS to the Twilio number from your phone.

249+

3. Run `openclaw pairing list sms`.

250+

4. Approve the pairing code with `openclaw pairing approve sms <CODE>`.

251+

5. Send another SMS and confirm the agent replies.

252+253+

For outbound-only testing, use:

254+255+

```bash

256+

openclaw message send --channel sms --target sms:+15557654321 --message "OpenClaw SMS test"

257+

```

117258118259

## Webhook security

119260

@@ -159,3 +300,21 @@ Use `accounts` when you operate more than one Twilio number:

159300

```

160301161302

Each account should use a distinct `webhookPath`.

303+304+

## Troubleshooting

305+306+

### Twilio returns 403 or OpenClaw rejects the webhook

307+308+

Check that `publicWebhookUrl` exactly matches the URL configured in Twilio, including scheme, host, path, and query string. Twilio signs the public URL string, so proxy rewrites and alternate hostnames can break signature validation.

309+310+

### No pairing request appears

311+312+

Check the Twilio number's **Messaging** webhook URL and method. It must point to the SMS webhook URL and use `POST`. Also confirm the Gateway is reachable from the public internet or through your tunnel.

313+314+

### Outbound sends fail

315+316+

Confirm `accountSid`, `authToken`, and either `fromNumber` or `messagingServiceSid` are resolved. If you use a trial Twilio account, the destination number may need to be verified in Twilio before outbound SMS will send.

317+318+

### Messages arrive but the agent does not answer

319+320+

Check `dmPolicy` and `allowFrom`. With the default `pairing` policy, the sender must be approved before normal agent turns are processed.