v1.0.0

Bland

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:18 AM.

Analysis

The skill matches its Bland AI purpose, but it can make real phone calls, incur charges, configure persistent inbound agents, and access recordings/transcripts using a local API key, so it needs careful review before use.

Guidance: Install only if you intend to let the agent operate your Bland AI account. Before use, set clear approval rules for every outbound call, number purchase, inbound-agent change, and transcript or recording retrieval; use a dedicated API key and monitor balance and call history.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High. Confidence: High. Status: Concern.
SKILL.md
`bland call <phone> [opts]` | Place an outbound AI call | ... `bland buy-number [--area-code 415]` | Purchase an inbound number |

The skill advertises billable real-world actions, including placing calls and purchasing phone numbers, but the artifacts do not document approval gates, spending limits, or destination scoping.

User impact: An agent using this skill could contact third parties or spend Bland account credits if these commands are invoked without careful user approval.
Recommendation: Require explicit user confirmation for every outbound call, number purchase, stop-all action, and inbound configuration change; consider restricting allowed numbers and disabling autonomous invocation for billable actions.

Rogue Agents
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
`bland setup-inbound <phone> --task "prompt"` | Configure inbound call agent |

The skill can configure an inbound AI call agent that may continue handling future calls after the immediate task, but no bounds, expiration, or cleanup instructions are described.

User impact: A persistent inbound phone agent could keep interacting with callers using the configured prompt until changed or disabled.
Recommendation: Only configure inbound agents deliberately, document how to review and disable them, and require user approval before changing any phone number's inbound behavior.

Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
metadata
Source: unknown
Homepage: none

The skill includes a shell script but lacks source and homepage provenance in the supplied metadata.

User impact: Users have less context for verifying who maintains the script and whether it matches an upstream project.
Recommendation: Verify the publisher and script contents before installing, especially because the skill controls a billable phone-calling account.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low. Confidence: High. Status: Note.
scripts/bland.sh
BLAND_API_KEY=$(grep '^BLAND_API_KEY=' /root/clawd/.env | cut -d= -f2-)
...
-H "authorization: ${BLAND_API_KEY}"

The script reads a local Bland API key and sends it as an authorization header to the Bland API. This is expected for the integration, but it is sensitive account authority and is not declared in the registry requirements.

User impact: The skill can act with whatever permissions and billing access the configured Bland API key provides.
Recommendation: Use a dedicated, least-privileged Bland API key if available, monitor account usage, and ensure the credential requirement is visible before installation.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium. Confidence: High. Status: Note.
SKILL.md
`bland recording <id>` | Get recording URL for a call | ... `bland transcript <id>` | Get formatted transcript |

The skill can retrieve call recordings and transcripts, which may contain private or regulated conversation content.

User impact: Sensitive call content could be displayed in the agent session and reused in later reasoning if the user or agent includes it in context.
Recommendation: Treat transcripts and recording URLs as sensitive data, avoid unnecessary retrieval, and do not share or paste them into unrelated tasks.