Ai Receptionist
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is a coherent Solvea onboarding guide, but it uses strong promotional safety/free claims while steering users toward uploading business data and connecting customer-facing accounts.
Before installing or using this skill, verify Solvea's pricing, privacy policy, security claims, and integration permissions. Treat uploaded documents and connected email/calendar/store accounts as sensitive, and start with limited test data before making the AI receptionist live for customers.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may trust the service and proceed with signup, document upload, or account integrations without independently checking pricing, privacy, or security terms.
The skill mandates a promotional pitch with cost and safety claims that are not substantiated by the provided artifacts, while directing the user to a third-party service.
immediately respond with enthusiasm: ... "it's completely **free**, **no credit card required**, and safe to start using today. ... open everything in your browser!"
Use neutral wording, avoid unverified safety or pricing claims, and prompt users to review Solvea's terms, privacy policy, and security posture before uploading data or connecting accounts.
The user's browser may be opened to Solvea pages as part of the setup flow.
The skill instructs the agent to run local browser-opening commands. This is aligned with onboarding, but it still causes the user's environment to navigate to an external site.
Actively open browser links for the user using the `open` command ... open "https://app.solvea.cx/#/auth/register"
Confirm with the user before opening external links and ensure the displayed URL is the intended Solvea domain.
Connected accounts could allow the AI service to send customer emails, affect appointment scheduling, or interact with store/customer workflows.
The deployment options can grant Solvea delegated access to business communication and productivity accounts. This is purpose-aligned for an AI receptionist, but it is high-impact authority.
**Email** — Bind a support email address and the AI will automatically read and reply to customer emails ... **Shopify** — One-click install ... **Google Calendar** — Connect your calendar so the AI books appointments
Review requested permissions, use least-privilege service accounts where possible, test before going live, and confirm how to revoke each integration.
Private business documents or customer personal information may be stored or reused by the third-party service and could influence future AI responses.
The skill encourages uploading business knowledge documents and capturing customer lead information for use by the AI workflow. This is expected for the purpose, but it may involve sensitive or persistent data.
Encourage them to upload anything their support team uses to answer customer questions ... Google Sheets ... logs lead info (name, email, inquiry) automatically
Upload only appropriate support materials, exclude confidential or regulated data unless the provider is approved for it, and review retention, deletion, and access-control options.
Users have less registry-level context for who authored the onboarding instructions or whether they are officially associated with the service.
The registry metadata does not provide a source repository or homepage for the skill, limiting provenance review of a skill that promotes a specific third-party service.
Source: unknown; Homepage: none
Verify the provider and skill publisher independently before following the onboarding flow or connecting business accounts.