AI Phone Calls (Bland AI)

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: phone-calls-bland
Version: 1.0.0

The OpenClaw AgentSkills skill bundle for Bland AI is benign. It correctly implements its stated purpose of making AI-powered phone calls via the Bland AI API. The scripts (`bland.sh`, `check-call.sh`, `phone-call.sh`) securely load the `BLAND_API_KEY` from environment variables or `~/.clawd/secrets.json` and use `curl` to interact solely with the legitimate `https://api.bland.ai/v1` endpoint. There is no evidence of data exfiltration to unauthorized destinations, malicious command execution, persistence mechanisms, or prompt injection attempts against the OpenClaw agent within the `SKILL.md` or code.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may believe call data stays local or self-hosted when the skill actually relies on Bland AI's hosted service.

Why it was flagged

This privacy/security claim is unsupported by the implementation, which uses Bland AI's hosted API; it could lead users to underestimate that phone numbers, call tasks, transcripts, and recordings may involve a third-party provider.

Skill content

- Self-hosted (data stays secure)

Recommendation

Correct the documentation to clearly state what data is sent to Bland AI, what may be stored or recorded, and where users should review Bland AI's privacy and retention settings.

What this means

If invoked on the wrong number or with unclear instructions, the skill could call a third party, spend credits, or create or cancel arrangements unintentionally.

Why it was flagged

The script directly initiates an outbound phone call when supplied with a phone number and task. That is the skill's purpose, but it is a real-world action with possible cost and social or business impact.

Skill content

RESPONSE=$(curl -s -X POST "https://api.bland.ai/v1/calls" ... -d "$REQUEST_BODY")

Recommendation

Confirm the phone number, task, cost expectations, and recording choice before each call, especially if an agent proposes the call automatically.

What this means

Anyone or any agent process with access to the configured key can use the Bland AI account within the script's capabilities.

Why it was flagged

The skill reads a Bland AI API key from the environment or local secrets file and uses it for provider authorization. This is expected for the integration, but it grants authority to make calls and retrieve call data.

Skill content

BLAND_API_KEY=$(jq -r '.bland_api_key // empty' ~/.clawd/secrets.json 2>/dev/null)

Recommendation

Use a dedicated Bland AI key where possible, protect ~/.clawd/secrets.json, and revoke or rotate the key if it is no longer needed.

What this means

Sensitive details spoken during calls may be available through the Bland AI account and displayed back to the agent or user.

Why it was flagged

The skill retrieves call transcripts, summaries, and optional recording URLs from the provider. This is disclosed and purpose-aligned, but call content can contain sensitive personal or business information.

Skill content

TRANSCRIPT=$(echo "$RESPONSE" | jq -r '.concatenated_transcript // empty') ... RECORDING=$(echo "$RESPONSE" | jq -r '.recording_url // empty')

Recommendation

Avoid including unnecessary sensitive information in call tasks, understand recording/transcript retention, and comply with applicable consent requirements before recording calls.

What this means

The skill may fail or behave differently on systems without the expected command-line tools.

Why it was flagged

The scripts depend on local jq and curl, but the registry requirements list no required binaries. This is not malicious, but it is an undeclared runtime dependency.

Skill content

REQUEST_BODY=$(jq -n ...); RESPONSE=$(curl -s -X POST "https://api.bland.ai/v1/calls" ...)

Recommendation

Declare curl and jq as required binaries or document them clearly in setup instructions.