Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Phone Voice Integration

v2.0.0

Connect ElevenLabs Agents to your OpenClaw via phone with Twilio. Includes caller ID auth, voice PIN security, call screening, memory injection, and cost tracking.

4 · 2.7k · 13 current · 13 all-time
by Roaming @cortexuvula
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The stated purpose (connect ElevenLabs + Twilio + Anthropic via a bridge) reasonably requires Twilio, ElevenLabs, and Anthropic credentials and a network tunnel. However the registry metadata claims no required environment variables or config paths while the SKILL.md clearly expects many secrets and local files (MEMORY.md, USER.md, .env, contacts.json). That mismatch is notable.
! Instruction Scope
SKILL.md instructs the agent/operator to load and inject local sensitive files (MEMORY.md, USER.md, recent transcripts) into prompts, to store voice PINs and other secrets in .env, and to transmit conversation data to external services (ElevenLabs, Anthropic, Twilio). It also suggests optional live data (calendar, weather) via external CLIs/APIs. These actions read and transmit sensitive local data not declared in the skill metadata and could leak private information if misconfigured.
Install Mechanism
This is instruction-only (no install spec or code), which reduces direct install risk. The doc recommends installing cloudflared or using ngrok (standard tooling) via brew/ngrok; that is expected for exposing a local bridge but increases exposure. Because there's no provided code to review, the bridge implementation is unspecified — you must supply or review that code yourself.
! Credentials
Although the registry lists no required env vars, the instructions require multiple high-privilege secrets (ElevenLabs API key/xi-api-key, Twilio Account SID/Auth Token, Anthropic API key, a bridge auth token, possibly calendar API tokens). Requesting all of these is reasonable for the feature set, but the skill under-declares them and gives no guidance on least-privilege, token scoping, or secure storage. Storing PINs and tokens in plaintext .env files is explicitly suggested, which is risky.
! Persistence & Privilege
The skill does not request 'always' privilege, which is good, but it instructs you to run a permanent Cloudflare tunnel or ngrok exposing a local server to the internet. That materially increases attack surface and persistence of external access to your machine and any files the bridge can read. The bridge will handle credentials and transcripts, so run it in an isolated environment and ensure proper access controls.
What to consider before installing
This skill's purpose is plausible, but the SKILL.md expects you to provide and expose several sensitive credentials and local data while running a public-facing bridge — and the registry metadata does not declare those requirements. Before installing or running anything:

1) Do not copy unreviewed bridge code from unknown sources — implement or review the FastAPI bridge yourself.
2) Use dedicated, least-privilege API keys (separate accounts or scoped tokens) for Twilio/ElevenLabs/Anthropic and rotate them after testing.
3) Avoid storing long-term secrets in plaintext .env; use a secrets manager if possible and prefer short-lived tokens.
4) Run the bridge in an isolated VM/container with strict network/firewall rules and logging.
5) Be cautious about memory files (MEMORY.md, USER.md, transcripts) — they contain personal data and will be sent to external LLM services; redact or limit sensitive content.
6) Prefer temporary tunnels (ngrok short-lived) or carefully configured Cloudflare tunnels, and restrict incoming origins and auth.
7) Ask the publisher for the bridge source code, an explicit list of required env vars, and instructions for secure deployment; if they cannot provide it, consider this skill suspicious and avoid running it in production.

Additional info that would raise confidence to 'high': the actual bridge source code for review, a declared env var list in registry metadata, and documented token scoping/retention policies.

Like a lobster shell, security has layers — review code before you run it.

Tags: elevenlabs, latest, phone, security, twilio, voice
