ClawHub

Llc Phone

Security checks across malware telemetry and agentic risk

Overview

This voice-calling skill appears legitimate, but it needs review because its examples include silent customer-data lookup and note storage without clear consent or verification.

Install only if you are prepared to configure explicit call disclosures, consent and recording policies, caller verification before account-specific actions, strict retention for transcripts/notes, and minimal pre-answer context sharing. Treat caller ID as a hint, not authentication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill includes operational instructions to kill processes listening on a port and to overwrite a source file from a snapshot, but it does not warn the user that these actions are disruptive and can terminate unrelated services or roll back important changes. In a user-invocable skill, such maintenance steps can be copied and executed without sufficient context, creating availability and integrity risk even if the author’s intent appears operational rather than malicious.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documentation explicitly shows streaming live caller audio to a third-party API but does not mention consent, notice, retention, or compliance requirements. In a phone-call skill, this omission can lead implementers to deploy call recording/transcription flows without required user disclosure or legal review, creating privacy and regulatory risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documented pre-warm design sends prospect context and triggers OpenAI session generation before the callee has answered, which means third-party processing begins prior to any opportunity for notice or consent. In a phone workflow, that increases privacy and compliance risk because personal data may be disclosed to OpenAI and Twilio even when the call is never answered or reaches the wrong party or voicemail.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The CSR flow explicitly instructs the system to look up a customer by caller phone number as soon as the call connects, without any notice, consent, or verification step. This can expose personal account data to an automated system based solely on ANI/caller ID, which is spoofable and may also violate privacy or notice requirements depending on jurisdiction and industry context.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The example greeting prompt embeds a hidden system instruction to silently identify the caller and retrieve their record before informing them, normalizing undisclosed background access to personal data. In a phone-support context this is more dangerous because the skill is designed for real customer interactions, where silent lookup can create privacy, compliance, and misidentification risks at production scale.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guidance explicitly instructs the system to save internal call notes silently, which can lead to undisclosed collection or recording of user-provided information. In a phone-call context, hidden note-taking increases privacy, consent, and compliance risk because callers may not realize their statements are being persisted to a CRM or message store.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal