Openclaw phone

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about using a phone-call API, but its repeated-calling workflow lacks clear limits and should be reviewed before granting calling authority.

Before installing, decide whether you are comfortable letting an agent place and end real phone calls through your CallMyCall account. Use a limited API key if possible, avoid unnecessary sensitive details in call briefs, verify the API endpoint, and set explicit limits for retry-until-answered requests such as maximum attempts and interval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 87%
Finding:
The skill description is broad enough that an agent may invoke it for loosely related requests about calling or planning calls, which can trigger real-world telephony actions with financial, privacy, and harassment consequences. In this context, over-broad activation is more dangerous than in a read-only skill because the skill can initiate and terminate phone calls via an external API.

Missing User Warnings

Medium
Confidence: 89%
Finding:
The example explicitly instructs the agent to send phone numbers and call tasks to a third-party API and to persist returned call identifiers in local storage, but it does not mention privacy implications or retention, and it does not obtain explicit consent for transmitting or storing potentially sensitive data. In a phone-calling skill, this is contextually relevant because call briefs may contain personal, scheduling, or confidential information, making silent transmission and persistence a real privacy and security risk rather than a purely informational omission.

VirusTotal

64/64 vendors flagged this skill as clean.
