ClawHub

ElevenLabs Phone Reminder (Lite)

v1.1.1

Build AI phone call reminders with ElevenLabs Conversational AI + Twilio. Free starter guide.

3· 2.1k·2 current·4 all-time
byJu Chun Ko@daaab
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description promise an ElevenLabs + Twilio phone reminder and the SKILL.md only contains instructions to create an ElevenLabs conversational agent and wire a Twilio number. The requested capabilities (outbound calls, TTS, conversational agent) match the stated purpose.
!
Instruction Scope
The instructions explicitly show curl examples that use ELEVENLABS_API_KEY, TWILIO_ACCOUNT_SID, and TWILIO_AUTH_TOKEN. The manifest, however, declares no required env vars. The SKILL.md instructs the user to POST Twilio SID/Auth Token to an ElevenLabs endpoint — which is expected for this integration but is sensitive (the Twilio Auth Token grants full API access). The guide does not recommend safer alternatives (e.g., Twilio API Keys, subaccounts, or scoped credentials) or warn about the risks of sharing the Auth Token.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. Nothing is written to disk by the skill itself, so there is no installation-time code execution risk from this package.
!
Credentials
Although the guide requires sensitive credentials (ElevenLabs API key and Twilio account credentials), the registry metadata lists no required environment variables or primary credential. The omission is a mismatch: sensitive tokens are necessary for the functionality but are not declared in the manifest, which could mislead users or automated permission gating.
Persistence & Privilege
The skill does not request always:true, does not attempt to modify other skills, and has no install behavior. It does not ask for persistent platform privileges in the manifest.
What to consider before installing
This guide appears to do what it says — wire ElevenLabs Conversational AI to Twilio — but be cautious before using it: - The SKILL.md demonstrates sending your Twilio Account SID and Auth Token to an ElevenLabs API endpoint. The Twilio Auth Token is effectively a full-control secret for your Twilio account. Only proceed if you trust ElevenLabs (or whichever service you send it to). - Prefer safer credential practices: use Twilio API Keys (not your main Auth Token), create a limited subaccount for the integration, or apply the least privilege possible and limit phone/calling quotas. If ElevenLabs supports token-scoped access or delegated credentials, use those instead. - The skill manifest does not declare these required env vars; that mismatch is a red flag for process/permissions. Confirm where and how you store/provide the credentials before following the curl examples. - Because this is instruction-only with no install, the risk comes from you copying the example commands and pasting secrets into cloud services. Review the ElevenLabs and Twilio consoles and documentation to ensure you understand what you’re sharing. If you want to proceed: create a throwaway/test Twilio subaccount or test credentials first, verify the ElevenLabs endpoint is legitimate (api.elevenlabs.io), and consider rotating any primary credentials used for testing.

Like a lobster shell, security has layers — review code before you run it.

latestvk971qfqk3se3haqvxvyrnxzxyh82fqym

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments