ClawHub

TelCall Twilio

v1.0.0

Make emergency phone calls via Twilio. Use when you need to call someone and play a voice message programmatically (e.g., server down alerts, security notifi...

2· 462·0 current·0 all-time
bylaosun@cnvipstar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (emergency phone calls via Twilio) matches the included scripts and instructions. The scripts only require curl/jq and interact with api.twilio.com using Account SID/Auth Token — these are expected for this functionality.
Instruction Scope
SKILL.md and the scripts limit activity to configuring credentials (interactive setup), saving them to ~/.openclaw/workspace/telcall-twilio/config/twilio.json, and POSTing TwiML to Twilio's Calls API. They do not read unrelated system files or send data to endpoints other than Twilio.
Install Mechanism
There is no remote installer or download; the skill is instruction-only with two local shell scripts. No external archives, shorteners, or arbitrary code downloads are used.
Credentials
No environment variables or unrelated credentials are requested. The setup script asks interactively for Account SID/Auth Token/from/to numbers and writes them to a local config file (permissions set to 600). Storing secrets on disk is proportional for this use but is a sensitive action that should be protected.
Persistence & Privilege
always:false (not force-included). disable-model-invocation is false (the agent may invoke the skill autonomously by default). That is normal, but because the skill can place phone calls using stored credentials, consider whether you want the agent to be allowed to make calls without explicit confirmation.
Assessment
This skill appears to do what it says: it prompts you for Twilio credentials and saves them to ~/.openclaw/workspace/telcall-twilio/config/twilio.json (chmod 600) and then uses those credentials to POST to api.twilio.com to initiate calls. Before installing: (1) review the two scripts (they are short and human-readable) and confirm you are comfortable storing your Twilio Auth Token on disk; (2) consider creating a Twilio subaccount or API key with limited permissions and a spending limit to reduce blast radius; (3) be aware the assistant can call autonomously by default — if you want manual approval, disable autonomous invocation for the agent or require confirmation prior to calling; (4) monitor Twilio usage and rotate/revoke tokens when no longer needed; (5) if you uninstall, delete the twilio.json file to remove credentials. If any of these points are unacceptable, do not install or do not provide production credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ed1885m0414tz8w3cgrnxax81qc3b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl, jq

Comments