By name: "human-auth-sms-2fa" description: "Handle SMS verification codes and 2FA TOTP codes from Human Phone. Covers OTP entry, code verification, and multi-factor authentication flows." metadata: {"openclaw":{"triggers":{"any":["sms","2fa","otp","verification code","totp","authenticator","verify","one-time","mfa","two-factor","confirmation code"]}}}
Human Auth: SMS / 2FA Verification
Use this when an app requires a verification code sent via SMS, email, or generated by an authenticator app.
When to Trigger
- App shows "Enter verification code" or "Enter OTP" screen.
- App sent an SMS to the user's phone number and is waiting for the code.
- App requires a TOTP code from Google Authenticator, Authy, etc.
How to Call
request_human_auth(
capability: "sms",
instruction: "Please enter the verification code sent to your phone for [app/service].",
uiTemplate: {
allowTextAttachment: true,
requireArtifactOnApprove: true,
title: "Verification Code Needed",
summary: "Enter the SMS or authenticator code."
}
)
After You Receive the Artifact
The artifact is a JSON file with a value field. The value is NOT in the session log — you must read the file.
Read the code:
read(<artifact_path>)to get the actual code value.Check the current screen. The verification input may still be visible, or the app may have moved to a different screen during the wait.
If the input field is still visible: tap it to focus, then
type_text(<code>).If the app moved away: press
keyevent KEYCODE_BACKto return to the verification screen, or re-navigate to it.Tap Verify / Submit / Continue.
Check if verification succeeded. If the app shows an error (code expired), you may need to request a new code and call
request_human_authagain.
Tips
- TOTP codes rotate every 30 seconds — act quickly after receiving one.
- SMS codes typically last 1-5 minutes.
- Delete the artifact after use:
exec("rm <artifact_path>").