AI Phone Calls (Bland AI)

Security checks across malware telemetry and agentic risk

Overview

This skill does make Bland AI phone calls as advertised, but users should review it because it can place real outbound calls and the privacy/recording disclosures are not strong enough.

Install only if you are comfortable giving the skill a Bland AI API key and letting it place outbound calls through Bland AI. Confirm the number, task, cost, and recording setting before each call, and avoid sending secrets, regulated personal data, or sensitive business details unless you have reviewed Bland AI's privacy, retention, and consent requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documents shell-based executables (`phone-call.sh`, `check-call.sh`, `bland.sh`) but does not declare corresponding permissions or capabilities. This can mislead users and policy systems about what the skill can do, reducing transparency and making risky execution paths harder to review or constrain.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill sends highly sensitive data to a third-party telephony provider, including phone numbers, user-provided call objectives, and potentially transcripts or recordings, but the description does not prominently warn users of this disclosure. This creates a privacy and consent risk because users may provide personal, financial, or health-related details without understanding they will be processed and stored externally.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The `call` command transmits arbitrary user-supplied JSON, including phone numbers and task content, to an external third-party API without any explicit warning, confirmation, or data-minimization guardrails. In a phone-calling skill, this is expected behavior, but the lack of disclosure increases the risk of unintentionally sending sensitive personal or business information off-host.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The `analyze` command sends prompt content tied to a completed call to the external API without warning the user that transcripts or call-derived information may be processed by a third party. Given this skill’s purpose, transcript analysis is in-scope, but the privacy risk is real because call content may include personal, medical, scheduling, or other sensitive details.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script sends a phone number and free-form task text to a third-party API, which can contain sensitive personal or business information. In the context of an agent skill, the lack of an explicit privacy notice or confirmation step increases the risk of unintended disclosure to an external service.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The `--record` option enables call recording without any warning about legal, privacy, or consent requirements. This can expose users and call recipients to compliance violations or inadvertent capture of sensitive conversations, especially because the skill is specifically designed to contact third parties.

VirusTotal

66/66 vendors flagged this skill as clean.
