Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Travel Concierge CLI
v1.5.0Find accommodation contact details and run AI-assisted booking calls
⭐ 0· 1.4k·1 current·2 all-time
by@arein
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill's stated purpose (finding contacts and placing AI phone calls) does justify Twilio/Deepgram/ElevenLabs/Anthropic/ngrok credentials. However, the registry metadata claims no required env vars/credentials while the SKILL.md and CALL-SETUP.md clearly require many sensitive keys — this mismatch is an incoherence that should be resolved before trusting the package.
Instruction Scope
Runtime instructions include starting a local Node call server, auto-starting ngrok to expose it publicly, handling Twilio media streams, and writing per-run logs (including transcripts) under ~/.config/concierge/call-runs/. Those actions are functionally necessary for the described feature but broaden the operational scope (network exposure and persistent storage of potentially sensitive audio/transcripts).
Install Mechanism
No install spec or remote download is included (instruction-only), which reduces supply-chain risk. There is a small code footprint (vitest config) and no installers that fetch arbitrary archives.
Credentials
The number and sensitivity of required credentials (Twilio SID/AuthToken, Twilio phone number, Deepgram key, ElevenLabs key and voice ID, Anthropic key, optional ngrok token) are proportionate to the call capability, but the registry declaring 'none' is misleading. Also, the skill stores these keys in plaintext config (~/.config/concierge/config.json5) and displays masked keys only — there is no mention of encryption, which increases the risk if the machine is compromised or backups are created.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does, however, auto-manage long‑running processes (ngrok and a local server) when making calls and writes logs to the user's config directory; auto-exposing a local service via ngrok is powerful and should be used with care but is coherent with the feature set.
What to consider before installing
This skill appears to do what it says (AI-driven phone calls) but you should be cautious: the SKILL.md and CALL-SETUP.md require multiple sensitive API keys (Twilio, Deepgram, ElevenLabs, Anthropic, optional ngrok token) even though the registry metadata lists none — that's an inconsistency. Before installing or using it, do the following: 1) Verify the skill's source/author (the package has no homepage and an unknown source); 2) Inspect the actual implementation code (there's minimal code included here but confirm there's no hidden network exfiltration logic); 3) Use limited/throwaway API keys or accounts with minimal privileges and billing limits for testing; 4) Be aware ngrok will expose a local server to the public internet — avoid using your primary machine or sensitive networks, and don't expose services beyond what's necessary; 5) Expect logs and transcripts to be stored under ~/.config/concierge — treat those as sensitive data and clean them up if needed; 6) Monitor billing on Twilio/ElevenLabs/Deepgram/Anthropic because real calls incur costs. If the author can update the package metadata to declare required credentials and provide a verifiable source (or you can review the code), this would reduce the suspicion.Like a lobster shell, security has layers — review code before you run it.
latestvk97fzb15dys7wx0heyrwtzxtx980jkds
License
MIT-0
Free to use, modify, and redistribute. No attribution required.