Openclaw phone
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly transparent about using CallMyCall, but its retry-until-answered workflow could keep placing outbound calls without a stated maximum.
Use this only if you are comfortable giving the agent CallMyCall calling authority. Before using retry-until-answered, set a strict maximum number of attempts and interval, verify the API endpoint, and remember that call numbers, briefs, transcripts, and recording links can be sensitive.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A single request could result in repeated calls to someone, potentially annoying the recipient or incurring charges if the call is never answered.
This allows repeated outbound phone calls until an answered condition occurs, but the visible instructions do not set a maximum number of attempts, retry window, or explicit cap for costs/recipient impact.
If status is `busy`, `no-answer`, `failed`, or `canceled`, wait requested interval and place next call. Stop retry loop when: status is `in-progress`, or ... `completed` with `duration > 0`.
Require an explicit max-attempt count, minimum retry interval, and confirmation summary before any retry loop; stop automatically after the agreed limit.
Installing or using the skill may give the agent authority to place, end, and inspect calls under the configured CallMyCall account.
The skill uses a CallMyCall account API key and may read it from local OpenClaw config. This is expected for the integration, but users should notice the credential requirement, especially because the registry metadata says no primary credential is required.
primary_credential: CALLMYCALL_API_KEY ... OpenClaw user config: `~/.openclaw/openclaw.json` under `skills.openclaw-phone.apiKey`
Use a least-privileged CallMyCall key if available, verify the key location, and avoid pasting persistent credentials unless you intend to grant this access.
Recent phone numbers and call goals may remain available in the agent’s state and could be shown or reused in later interactions.
The skill stores recent call metadata, including phone numbers and call purposes, in agent state for later commands like ending or checking a call.
Maintain a list (last 10) of recent calls in state: ... `phone_number` ... `task` ... `started_at` ... `status`
Avoid including unnecessary sensitive details in call briefs, and clear recent-call state when call history should no longer be retained.
If the endpoint is not the CallMyCall endpoint you expect, credentials and call data could go to the wrong service.
The documented API destination may be a fly.dev backend rather than only the homepage domain. It is disclosed, but API keys, call instructions, transcripts, and recording requests may be sent there.
Base URL: `https://call-my-call-backend.fly.dev` ... If your account is configured for a custom domain, use: `https://api.callmycall.com`
Verify the official CallMyCall base URL before configuring an API key or placing calls.