clawphone
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its messaging purpose, but its direct P2P mode appears to accept unauthenticated plaintext messages and may expose a listener more broadly than users would expect.
Use this only after reviewing the Direct P2P mode. Prefer the encrypted ClawMesh path for sensitive conversations, avoid exposing the direct listener to untrusted networks, verify contacts out of band, do not let the agent treat incoming messages as trusted instructions, and check/clear the local phonebook database if privacy matters.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Other processes or reachable hosts may be able to spoof messages into the agent, and the user may not realize the listener is exposed beyond localhost.
The async DirectAdapter starts a listener on all interfaces while reporting a localhost address, then forwards arbitrary decoded JSON to the message callback without shown authentication, encryption, or contact validation.
host = "0.0.0.0" ... self._address = f"127.0.0.1:{actual_port}" ... msg = json.loads(data.decode('utf-8')) ... self._on_message(msg)
Bind direct mode to 127.0.0.1 by default, require explicit user approval for non-local listening, authenticate peers, validate sender phone IDs against contacts, and treat all incoming messages as untrusted.
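As an added example (not the skill's own code), a hardened stand-in for the direct-mode receiver that applies the recommendations above: bind to localhost unless explicitly opted in, report the address that was actually bound, accept frames only from senders present in the phonebook, and hand the body on as opaque text. It assumes the phonebook is available as a dict mapping phone ID to contact name; the contact and frame values are constructed for demonstration.

```python
import json
import socket

MAX_FRAME = 64 * 1024  # refuse oversized frames before parsing them


class RejectedMessage(ValueError):
    """Raised when an inbound direct-mode frame fails validation."""


def parse_untrusted_frame(raw, contacts):
    """Validate one inbound frame and return only the fields we accept.

    contacts maps phone ID -> display name (constructed stand-in for the
    phonebook). Membership is a contact check, not cryptographic peer
    authentication; that still needs the encrypted ClawMesh path.
    The body is returned as opaque text, never treated as an instruction."""
    if len(raw) > MAX_FRAME:
        raise RejectedMessage("frame too large")
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise RejectedMessage("not valid JSON: %s" % exc)
    if not isinstance(msg, dict):
        raise RejectedMessage("frame is not a JSON object")
    sender, body = msg.get("from"), msg.get("message")
    if not isinstance(sender, str) or sender not in contacts:
        raise RejectedMessage("sender %r is not a known contact" % sender)
    if not isinstance(body, str):
        raise RejectedMessage("message body must be a string")
    return {"from": sender, "contact": contacts[sender], "message": body}


def frame_accepted(raw, contacts):
    """True if the frame passes validation, False if it is rejected."""
    try:
        parse_untrusted_frame(raw, contacts)
        return True
    except RejectedMessage:
        return False


def open_direct_listener(expose_to_network=False, port=0):
    """Bind the direct-mode socket: localhost by default, all interfaces only
    on explicit opt-in. The returned address is the one actually bound."""
    host = "0.0.0.0" if expose_to_network else "127.0.0.1"
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((host, port))
    sock.listen(5)
    return sock, "%s:%d" % sock.getsockname()
```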
Users may believe all modes are encrypted and sender-verified when direct mode may not provide those guarantees.
These security claims can overstate protection because the included Direct P2P implementation sends raw JSON over sockets and accepts inbound JSON without any visible identity check; the README separately notes that Direct P2P is plaintext.
Transport layer: reuses ClawMesh WebSocket + ECDH encryption ... all messages are end-to-end encrypted through ClawMesh ... rejects anonymous calls (a known, valid number is required)
Clearly distinguish ClawMesh encrypted mode from Direct plaintext mode, remove or qualify the blanket encryption/anonymous-call claims, and document what verification the user must perform.
Phone/contact data and possibly message history may remain on the local machine after use.
The skill creates persistent local storage for phonebook data and a call_log table containing a message field, so communication data may persist across sessions if used by the runtime.
DB_PATH = Path.home() / ".openclaw" / "skills" / "clawphone" / "phonebook.db" ... CREATE TABLE IF NOT EXISTS call_log (... from_phone TEXT, to_phone TEXT, message TEXT ...)
Document exactly what is stored, when call_log is written, retention behavior, and how users can clear the local database.
Installation may depend on external code not governed by the registry install contract.
The bundled skill metadata declares an external dependency and repository, while the registry summary reports no install spec and unknown source. This is purpose-aligned for a networking skill but leaves dependency/provenance verification to the user.
dependencies:
- name: clawmesh
version: ">=1.0.0"
required: true
repository:
type: git
url: https://github.com/coolhitbird/clawphone.git
Verify the repository and dependency source before installing, and prefer pinned dependency versions or a clear install specification.
