Skill v1.0.1

ClawScan security

Openclaw phone · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 9:05 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior mostly matches its stated purpose (placing and managing calls via CallMyCall) but there are important inconsistencies and a couple of design choices that warrant caution before installing.
Guidance
Before installing:
1. Confirm the platform/registry metadata is updated to declare CALLMYCALL_API_KEY. The skill expects that key even though the top-level registry entry does not list it.
2. Verify the correct CallMyCall base URL for your account. The docs mention both api.callmycall.com and a fly.dev backend; prefer the official domain, or confirm with the provider that the fly.dev host is legitimate.
3. Avoid storing long-lived API keys in the skill. Follow the SKILL.md advice to use an env var or a one-time interactive key, and persist a key manually only if you understand the risk.
4. Be cautious about sending sensitive personal data. The API accepts fields such as personal_security_number in a persona object; do not include PII unless it is necessary and the user has authorized it.
5. Ask the skill author/owner (or registry operator) to fix the registry metadata mismatch so the platform can surface the credential requirement correctly.
These issues suggest sloppy or unfinished packaging rather than explicit malice, but validate ownership and endpoints before granting credentials.

Review Dimensions

Purpose & Capability
concern
The SKILL.md and accompanying files clearly require a CALLMYCALL_API_KEY and explain how it is used; however, the registry metadata at the top of the report lists no primary credential and states 'Required env vars: none'. That mismatch is an inconsistency: the skill needs an API key but the registry entry does not declare it, which can lead to missing prompts or validation in the platform. Otherwise, the actions described (start/end/list calls, verify caller IDs, fetch recordings/transcripts) are coherent with a CallMyCall phone skill.
Instruction Scope
note
SKILL.md stays narrowly scoped to the call-management purpose: gathering phone, language, and brief; validating them; calling the CallMyCall API; and storing a small recent_calls state. It explicitly forbids creating OS schedulers, storing API keys in skill files or state, and autonomous background runs. Two items are worth noting: (1) the docs recommend a specific backend base URL (https://call-my-call-backend.fly.dev) in addition to api.callmycall.com, and a non-official domain should be validated before use; and (2) the API accepts highly sensitive fields (e.g., personal_security_number inside a persona object), and the instructions do not forbid including PII in requests, so an agent could transmit sensitive user data if prompted to do so.
Install Mechanism
ok
This is an instruction-only skill with no install spec and no code files to execute at install time, so there is no downloader/extractor or package install risk.
Credentials
concern
The skill legitimately needs a single service credential (CALLMYCALL_API_KEY), but the registry metadata does not declare it (an inconsistency). The SKILL.md correctly describes a limited key resolution order (env var, then user config, then prompt) and forbids persisting keys automatically, which is good. However, the API surface allows sending PII and webhook URLs; ensure any API use is deliberate, and avoid entering persistent credentials unless you trust the service and the skill owner. The recommendation to prefer a fly.dev backend (a different hostname from the public api.callmycall.com) adds a review step: confirm the correct base URL for your account.
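As an added example, not code from the skill, from CallMyCall, or from ClawHub, the following Python harness shows how an agent runtime could enforce the Instruction Scope and Credentials points above: it resolves the key in the documented order (env var, user config, prompt) without ever writing it to disk, accepts only an HTTPS base URL whose host is on an allowlist of the two hosts the report names, refuses to forward the personal_security_number persona field unless the user explicitly authorized it, and checks that the only persisted state (recent_calls) never contains the key. The request body layout, the function names, and the presence of the fly.dev host on the allowlist are assumptions; confirm the correct host with the provider before trusting it.

```python
import json
import os
from urllib.parse import urlsplit

ENV_VAR = "CALLMYCALL_API_KEY"

# Both hostnames appear in the report. Which one is correct for a given account
# must be confirmed with the provider; treating both as allowed is an assumption.
ALLOWED_HOSTS = {"api.callmycall.com", "call-my-call-backend.fly.dev"}

# Persona fields that must never be forwarded without explicit user authorization.
# personal_security_number is the field the report names.
SENSITIVE_PERSONA_FIELDS = {"personal_security_number"}


def resolve_api_key(env=None, user_config=None, prompt=None):
    """Resolve the key in the order SKILL.md describes: env var, then the
    user's own config, then an interactive prompt. Returns (key, source).
    Nothing here writes to disk, so the key is never persisted automatically."""
    env = os.environ if env is None else env
    key = env.get(ENV_VAR)
    if key:
        return key, "env"
    if user_config and user_config.get("api_key"):
        return user_config["api_key"], "user_config"
    if prompt is not None:
        key = prompt()
        if key:
            return key, "prompt"
    raise RuntimeError(f"{ENV_VAR} not available from env, user config, or prompt")


def validate_base_url(base_url, allowed_hosts=ALLOWED_HOSTS):
    """Reject plaintext HTTP and any host not on the allowlist; return the
    normalized base URL (no trailing slash) on success."""
    parts = urlsplit(base_url)
    if parts.scheme != "https":
        raise ValueError(f"refusing non-HTTPS base URL: {base_url}")
    if parts.hostname not in allowed_hosts:
        raise ValueError(f"unexpected CallMyCall host: {parts.hostname}")
    return base_url.rstrip("/")


def build_call_request(phone, language, brief, persona=None, allow_pii=False):
    """Build a start-call body (field layout is an assumption, not the real
    CallMyCall schema). Sensitive persona fields are refused unless the caller
    passes allow_pii=True, which should only happen after explicit user consent."""
    body = {"phone": phone, "language": language, "brief": brief}
    if persona:
        sensitive = SENSITIVE_PERSONA_FIELDS & set(persona)
        if sensitive and not allow_pii:
            raise ValueError(
                f"persona contains sensitive fields {sorted(sensitive)}; "
                "pass allow_pii=True only with explicit user authorization"
            )
        body["persona"] = dict(persona)
    return body


def persisted_state(recent_calls, key):
    """The only thing written to skill state is the recent_calls list. Fail
    closed if the serialized state would contain the API key."""
    state = {"recent_calls": list(recent_calls)}
    if key in json.dumps(state):
        raise RuntimeError("API key must not be persisted in skill state")
    return state


if __name__ == "__main__":
    # Constructed sample run: key from an env-like dict, official host, no PII.
    key, source = resolve_api_key(env={ENV_VAR: "example-key"})
    base = validate_base_url("https://api.callmycall.com/")
    req = build_call_request("+15555550123", "en", "Confirm the appointment.",
                             persona={"name": "Alex"})
    print(source, base, json.dumps(req), persisted_state(["call-1"], key))
```

The point of the allowlist is not that the fly.dev host is known bad, only that the report could not confirm it; an operator who has confirmed the correct host with the provider should shrink ALLOWED_HOSTS to that single entry.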
Persistence & Privilege
ok
The skill does not request always:true, does not ask to modify other skills, and explicitly tells agents not to create background schedulers or persist credentials automatically. It stores minimal per-skill state (recent_calls), which is appropriate for the described functionality.