Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ClawdTalk
v2.0.5
ClawdTalk — Voice calls, SMS, and AI Missions for Clawdbot
by @dcasem
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (voice calls, SMS, missions) match the included scripts (ws-client.js, telnyx_api.py, call/sms scripts). Required binaries (bash, node, jq, python3) are used by the included scripts. Required config files (~/.openclaw/openclaw.json, ~/.clawdbot/clawdbot.json, skill-config.json) are legitimately used to auto-detect gateway connection info. Overall capabilities align with stated purpose.
Instruction Scope
Runtime instructions and setup scripts read local workspace files (USER.md, IDENTITY.md), gateway config files, and may modify the gateway's tools policy (adds sessions_send to gateway.tools.allow). The SKILL.md and scripts explicitly transmit voice transcripts, SMS, and mission data to clawdtalk.com. The skill also mandates saving mission memory to the server. The instructions access environment variables and local configs beyond the single declared API key (they use gateway tokens and other env fallbacks), and instruct modifying system gateway policy — this is scope-expanding and potentially sensitive.
Install Mechanism
No automatic installer declared (instruction-only), but the repo includes an updater (update.sh) that pulls release zips from GitHub Releases and verifies SHA256 — a reasonable update mechanism. setup.sh runs npm install to fetch dependencies (ws). No use of obscure external download hosts; GitHub + npm are used. Reasonable but updates overwrite skill files so you should review update behavior and backups.
Credentials
Declared primary credential is CLAWDTALK_API_KEY, which is expected. However scripts also read gateway auth and other environment variables (OPENCLAW_GATEWAY_TOKEN, CLAWDBOT_GATEWAY_TOKEN and gateway URLs) and local gateway config files. Those additional credentials/configs are not listed in requires.env but are required to function. The skill may store the API key and gateway details in skill-config.json (plaintext unless you explicitly supply ${CLAWDTALK_API_KEY}). Requesting access to gateway config and tokens is plausible for proxying voice -> agent, but it expands the blast radius and should be explicitly acknowledged by the user.
Persistence & Privilege
The skill modifies system gateway configuration (it attempts to add sessions_send to gateway.tools.allow and writes gateway config changes) and writes skill-config.json with API and gateway details. While required for operation, this is a change to system-wide settings outside the skill's own directory. always is false and autonomous invocation is allowed (default), so the combination of autonomous operation plus modifying gateway tools is higher privilege — you should only allow it if you trust the service and review the code.
What to consider before installing
This skill appears to implement a phone/SMS integration and will send voice transcripts, SMS content, mission state, and saved memory to clawdtalk.com. Before installing:
1) Only proceed if you trust clawdtalk.com/Telnyx to receive conversation data.
2) Prefer supplying CLAWDTALK_API_KEY as an environment variable (not stored in skill-config.json).
3) Inspect telnyx_api.py, ws-client.js, and approval.sh to confirm what is sent to the remote server and what triggers approval flows.
4) Back up your gateway config (~/.openclaw/openclaw.json or ~/.clawdbot/clawdbot.json) because setup.sh may modify gateway.tools.allow (adds sessions_send) — this change grants the skill the ability to route tool requests into your agent.
5) If possible, run the skill in a test environment first (non-production agent) to observe behavior.
6) Restrict the API key to minimum privileges if the provider supports scoped keys, and consider rotating the key after testing.
7) Keep automatic updates disabled or review update.sh (it downloads and can overwrite skill files).
If you want help auditing specific files (telnyx_api.py, ws-client.js) for exact outbound requests and what memory/events are transmitted, provide them and I can point out the precise network calls and data flows.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
📞 Clawdis
Bins: bash, node, jq, python3
Env: CLAWDTALK_API_KEY
Config: skill-config.json, ~/.openclaw/openclaw.json, ~/.clawdbot/clawdbot.json
Primary env: CLAWDTALK_API_KEY
