OpenCawl
v1.0.1Gives your Claw a phone number. Make and manage phone calls via OpenCawl. Use this skill whenever the user asks you to call someone, make a phone call, sched...
⭐ 1· 54·0 current·0 all-time
byAmmon Brown@ammbo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (give a phone number, make/manage calls) align with the declared requirement: a single OPENCAWL_API_KEY. The skill documents use of ElevenLabs and Twilio but does not ask for their credentials (OpenCawl manages them), which is consistent with the described architecture.
Instruction Scope
SKILL.md and api.md only describe API calls, webhooks, and dashboard configuration; they do not instruct reading unrelated local files or other environment variables. The docs reference storing the key in ~/.openclaw/openclaw.json (a configuration path) even though 'required config paths' lists none — this is not malicious but worth noting so you know where the key may be saved. The skill supports arbitrary on_completion_webhook and gateway_webhook URLs, which is expected but means data (transcripts/outcomes) can be POSTed to endpoints you supply.
Install Mechanism
No install spec and no code files — instruction-only — so nothing will be downloaded or written by the skill itself during install. This is the lowest-risk install model.
Credentials
Only a single credential (OPENCAWL_API_KEY) is required and is the declared primary credential. That matches the skill's function. The docs also describe a gateway_token that you may configure to allow OpenCawl to call your gateway — this is expected but you should only provide tokens to endpoints you control and trust.
Persistence & Privilege
The skill is not always-enabled and allows autonomous invocation (the platform default). It does not request system-wide configuration changes or access to other skills' tokens. No elevated persistence privileges are requested.
Assessment
This skill appears to be what it claims: a telephony integration that uses OpenCawl (which in turn uses ElevenLabs and Twilio). Before installing: 1) Treat OPENCAWL_API_KEY as sensitive — create/issue a key with limited scope if possible and rotate it if exposed. 2) Be careful what on_completion_webhook or gateway_webhook URLs you provide — OpenCawl will POST transcripts/outcomes/metadata there, so do not point them at untrusted endpoints. 3) Understand call recordings, transcripts, and any personal data will be handled by opencawl.com (review their privacy/retention and Twilio/ElevenLabs usage). 4) If you configure a gateway_token, ensure your gateway authenticates incoming requests and only accepts calls from OpenCawl origins. 5) Expect potential billing/usage (minutes/credits) and legal/regulatory requirements for automated calling in your jurisdiction. Overall: coherent and proportional, but review webhooks, API key handling, and data-retention/privacy before enabling in production.Like a lobster shell, security has layers — review code before you run it.
latestvk9771hw18ysxx9vak83x8yvt6984xgte
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📞 Clawdis
EnvOPENCAWL_API_KEY
Primary envOPENCAWL_API_KEY