didit-phone-verification
Integrate Didit Phone Verification standalone API to verify phone numbers via OTP. Use when the user wants to verify phones, send SMS or WhatsApp or Telegram...
Install via ClawdBot CLI:
clawdbot install rosasalberto/didit-phone-verification
Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Sends data to undocumented external endpoint (potential exfiltration)
Send → https://docs.didit.me/reference/send-phone-verification-code-api
Calls external URL not in known-safe list
https://docs.didit.me
AI Analysis
The skill's external API calls are documented and consistent with its stated purpose of phone verification. While it sends user data (phone number, device signals) to a third-party service, this is an expected part of the verification workflow and disclosed in the definition. No hidden instructions, credential harvesting, or obfuscation were detected.
Audited Apr 17, 2026 · audit v1.0
Generated Mar 21, 2026
Verify new users' phone numbers during sign-up to ensure account security and prevent fraud. The skill sends a one-time code via SMS or WhatsApp, then checks the code to confirm ownership. It can auto-decline disposable or VoIP numbers to reduce fake accounts.
Enhance login security by requiring phone verification for high-risk transactions or password resets. The skill sends codes through preferred channels like Telegram or voice calls, with fraud detection based on IP and device signals to flag suspicious activity.
Authenticate drivers by verifying their phone numbers before allowing them to offer rides. The skill checks for duplicate numbers to prevent multiple accounts and declines VoIP numbers to ensure reliable communication. It supports multiple delivery channels for global reach.
Verify patients' phone numbers to send appointment reminders and confirm identities for telemedicine. The skill uses SMS as a fallback to ensure delivery, with options to detect disposable numbers to maintain data integrity and comply with privacy regulations.
Assist users in recovering access to locked accounts by verifying their phone numbers via OTP. The skill enforces rate limits to prevent abuse and uses fraud signals like device ID to block malicious attempts, ensuring secure and efficient recovery processes.
Charge customers based on the number of phone verifications completed, with tiered pricing for high-volume users. Revenue is generated from each successful send and check API call, incentivizing efficient use and scaling with user growth.
Offer monthly or annual subscriptions that include a set number of verification credits, with overage charges for additional usage. This model provides predictable revenue and encourages long-term adoption by businesses needing regular verification services.
License the verification API to large enterprises for integration into their internal systems, with custom pricing based on usage volume and support needs. Revenue comes from upfront licensing fees and ongoing maintenance contracts.
💬 Integration Tip
Ensure the DIDIT_API_KEY environment variable is set and use E.164 format for phone numbers to avoid errors; test with different channels like WhatsApp to optimize delivery success.
Scored May 17, 2026
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Analyze and classify agent skills for safety using local evaluation. Optionally produce a signed attestation of the vetting result.
Detect 500+ types of hardcoded secrets (API keys, credentials, tokens) before they leak into git. Wraps GitGuardian's ggshield CLI.
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.