ClawdTalk
Warn
Audited by ClawScan on May 10, 2026.
Overview
ClawdTalk is a disclosed phone/SMS integration, but it creates a powerful bridge from calls and texts into your main agent and handles credentials, memory, and background access in ways that need careful review.
Review before installing. Only use this if you trust ClawdTalk/Telnyx with your calls, texts, agent outputs, and mission data. Prefer environment variables or a secret manager for keys, avoid pasting secrets into chat, restrict the tools available to the connected agent, require strong approval for sensitive actions, and disable the background connection when you do not need phone access.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A caller or SMS flow could cause the main agent to read private data or use connected tools through the phone interface.
The voice-call context explicitly tells the agent to use broad tools and permits read/status actions without approval, while voice approval can authorize sensitive actions. For a phone/SMS bridge, this is high-impact unless caller identity and tool scope are tightly controlled.
- You have FULL tool access: Slack, memory, web search, etc. Use them when needed. ... If the user confirms by voice ... treat it as approved ... Actions that do NOT need approval: reading data, searching, checking status
Enable this only for agents with carefully scoped tools, require strong caller verification, keep push/biometric approval for sensitive actions, and avoid relying on voice-only approval for destructive or account-changing tasks.
The ClawdTalk API key may be exposed to the agent transcript, logs, or command history.
The setup guide directs the user to put a live API key into the agent conversation and an inline shell command, which can leave the secret in chat/tool history instead of only in a secret store or protected environment.
I need your ClawdTalk API key to finish setup. ... Paste it here when you have it. ... CLAWDTALK_API_KEY="<the_key>" python3 scripts/telnyx_api.py check-key
Use a secret manager or pre-set environment variable instead of pasting the key into chat; if a key was pasted into shared logs or transcripts, rotate it.
Anyone who can read the skill configuration may gain the token needed to call the local gateway.
The setup script reads the local OpenClaw/Clawdbot gateway auth token and writes it into the skill's own configuration file, duplicating a token that can authorize access to the local gateway.
gateway_token=$(jq -r '.gateway.auth.token // ""' "$GATEWAY_CONFIG" ... ) ... "gateway_token": $gateway_token_json
Keep the skill directory private, prefer environment-variable references for tokens, avoid printing skill-config.json, and rotate the gateway token if the file is exposed.
Sensitive mission details, contacts, messages, or mistakes could be stored server-side and influence later mission state or UI output.
The skill mandates broad server-side memory persistence for mission actions without visible exclusions for secrets, sensitive content, retention, or later reuse boundaries.
Every significant action MUST be persisted using `save-memory` or `append-memory` IMMEDIATELY ... No exceptions.
Store only the minimum needed mission state, redact secrets and private content, and ask the user before saving sensitive information.
Running the client could fetch and execute dependency installation code without a separate user confirmation at that moment.
The static scan reports that the runtime WebSocket client can execute a shell command to install an npm package, rather than relying only on the reviewed package-lock/setup path.
require('child_process').execSync('cd ' + SKILL_DIR + ' && npm install ws@8', { stdio: 'inherit' });
Install dependencies during explicit setup from a lockfile, pin exact versions, and remove automatic runtime npm install behavior.
Your calls, texts, and agent results may be visible to or stored by the ClawdTalk/Telnyx service.
The artifacts clearly disclose that call transcripts, tool results, and conversation state are relayed through the ClawdTalk service; this is purpose-aligned but sensitive.
`https://clawdtalk.com` (WebSocket) | `ws-client.js` | Voice transcripts, tool results, conversation state
Install only if you trust the service with call, SMS, and agent-output data, and avoid using it for highly sensitive conversations unless appropriate safeguards are in place.
The phone/SMS bridge can keep running after setup and across reboots if configured that way.
The skill documents an optional persistent background WebSocket connection that can restart on reboot. This matches the voice-call purpose, but users should notice the persistence.
Keep it running via crontab: ... @reboot cd ~/clawd/skills/clawdtalk-client && ./scripts/connect.sh start
Run the background connection only when needed, monitor its logs, and remove any crontab entry or run the uninstall script if you stop using the skill.
