phone calling
WarnAudited by ClawScan on May 10, 2026.
Overview
This is a real phone-calling API skill, but it gives an agent high-impact calling, billing, session, and call-data handling abilities without clear per-call approval and privacy boundaries.
Install only if you are comfortable letting the agent use a Ringez account to place real phone calls. Before use, require manual approval for every call, avoid direct mode unless necessary, do not enter sensitive PINs through DTMF unless you trust the service, review recording/transcription consent requirements, and verify any optional SDK packages yourself.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent has a valid session, it could place calls to third parties and spend calling minutes in ways the user did not specifically approve.
The skill exposes real-world phone call initiation, including direct automated calling by agents, without artifact-backed instructions requiring per-call user approval, recipient confirmation, spend limits, or duration limits.
Direct Mode ... Best for: AI agents, automated calls ... POST /api/v1/calls/initiate ... { "to_number": "+919876543210", "mode": "direct" }Require explicit confirmation before every call, showing the destination number, mode, purpose, expected cost, and maximum duration; prefer bridge mode and keep idempotency keys enabled.
Users may not realize the agent will handle credentials or session tokens that can authorize paid calls and account access.
The session ID functions as an account credential for balance checks and call initiation, while the registry requirements declare no primary credential or required environment variable.
Login with password ... Save the `session_id` — you will need it for all API calls.
Declare the credential/session requirements clearly, store session IDs only in approved secret storage, and let users revoke or rotate sessions easily.
Phone numbers, call events, and transcribed conversation content could be sent to external agent/webhook systems without users fully understanding the privacy implications.
The API documentation supports sending call status and transcription events to webhook endpoints, but the artifacts do not clearly define data boundaries, recipient consent, or retention for call content and metadata.
"transcribe": true ... "webhook_url": "https://agent.example.com/webhooks/call-status" ... "events": ["call.initiated", "call.ringing", "call.answered", "call.completed", "call.failed", "transcription.updated", "balance.low"]
Use webhooks and transcription only when necessary, disclose who receives the data, verify webhook signatures, and obtain consent where required by law or policy.
Users may trust the skill more than they should and overlook the account, billing, and call-data exposure involved in using it.
The privacy/authentication messaging is internally inconsistent and can understate that the service handles credentials, phone numbers, call metadata, and possibly transcripts.
enables autonomous calling capabilities with privacy-first design ... without requiring authentication or personal data. ... Authentication: API Key-based (bearer token)
Clarify the privacy model, authentication model, data collected, third-party processors, and any recording/transcription behavior before users grant access.
Using the optional SDKs adds package supply-chain trust outside the reviewed instruction-only skill.
The guide suggests optional SDK installation from package registries, but the skill itself has no install spec, lockfile, or bundled code for review.
pip install ringez-sdk ... npm install @ringez/sdk
Verify package ownership, versions, and integrity before installing any SDK, or use the documented REST API directly.