Vapi AI

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Vapi management skill, but it can use a Vapi API key to make real account changes such as creating assistants and outbound calls, so review permissions and confirmations before use.

Install this skill only if you want OpenClaw to help manage your Vapi account. Provide VAPI_API_KEY through a secret manager, avoid setting VAPI_BASE_URL unless it is a trusted endpoint, and require explicit confirmation before creating calls, assistants, webhooks, phone-number changes, or other account mutations. If you use the optional Vapi CLI or MCP setup, inspect those tools and their permissions separately.

VirusTotal

64/64 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

Anyone or any agent process with this key can perform Vapi API actions allowed by the key, potentially including account changes and calls.

Why it was flagged

The helper uses a Vapi API key for authenticated account operations, and the destination can be changed through VAPI_BASE_URL. This is expected for a Vapi integration, but it is sensitive account authority.

Skill content

const BASE = process.env.VAPI_BASE_URL || "https://api.vapi.ai";
const KEY = process.env.VAPI_API_KEY;
...
Authorization: `Bearer ${KEY}`

Recommendation

Store the key as a secret, use the least-privileged Vapi key available, keep VAPI_BASE_URL unset unless you trust the endpoint, and revoke or rotate the key if it is exposed.

ASI02: Tool Misuse and Exploitation
Medium
What this means

A mistaken or unauthorized call creation could contact real phone numbers, incur charges, or violate consent/recording requirements.

Why it was flagged

The helper can create outbound Vapi calls. This matches the stated purpose, but call initiation is a high-impact action with cost, consent, and compliance implications.

Skill content

case "calls:create": {
...
const data = await req("/call", { method: "POST", body });

Recommendation

Require explicit user confirmation for every outbound call, including assistant ID, phone number ID, recipient, caller number, and consent/compliance constraints.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Running a remote installer can modify the local environment or install additional software outside the reviewed skill files.

Why it was flagged

The optional CLI path asks the user to pipe a remote installer into a shell. This is disclosed and not automatic, but it executes code from a remote source.

Skill content

curl -sSL https://vapi.ai/install.sh | bash
vapi login

Recommendation

Prefer a documented package manager or inspect the installer before running it; only run it from a trusted machine and account.

ASI07: Insecure Inter-Agent Communication
Low
What this means

If enabled, the MCP setup may add another integration boundary that should be reviewed for what it can read, expose, or execute.

Why it was flagged

The skill optionally points users to set up a Vapi MCP server for IDE assistance. MCP integrations can expand what context and tools an agent or IDE can access, depending on the configuration.

Skill content

Option C — MCP docs server for your IDE
...
vapi mcp setup

Recommendation

Review the MCP server configuration and permissions before enabling it, and only connect it to trusted IDEs or agents.