Pamela Calls

Pass. Audited by ClawScan on May 10, 2026.

Overview

This skill is coherent and upfront about using Pamela to place billable AI phone calls, but users should confirm each call and protect the API key and call data.

Install only if you intend to let the agent help place Pamela AI phone calls. Use a limited API key if possible, enable billing alerts, confirm each phone number and call task before execution, and avoid sharing sensitive information unless you are comfortable with Pamela processing and storing the call data.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used carelessly, the agent could place real phone calls or run up usage costs.

Why it was flagged

The skill documents creating outbound calls to arbitrary phone numbers with user-supplied tasks. This is the intended function, but it can affect third parties and should be explicitly user-approved.

Skill content

thisispamela create-call \
  --to "+1234567890" \
  --task "Call the pharmacy and check if my prescription is ready"

Recommendation

Confirm the recipient, task, consent, and expected cost before each call; avoid broad or automated call campaigns unless the user has clearly authorized them.

What this means

Anyone or any agent with the API key may be able to place calls using the associated Pamela account.

Why it was flagged

The skill requires a Pamela API key, which is expected for the service and is disclosed, but that key grants access to a billed account.

Skill content

metadata:
  {"openclaw":{"requires":{"env":["PAMELA_API_KEY"]},"primaryEnv":"PAMELA_API_KEY"

Recommendation

Use a restricted or test key where possible, keep the key out of code and logs, and enable billing alerts.

What this means

Installing external packages can execute third-party code in the user's environment.

Why it was flagged

The instruction-only skill recommends installing external packages, including a global CLI and MCP package. This is disclosed and aligned with the integration, but package provenance and version pinning remain user responsibilities.

Skill content

npm install @thisispamela/sdk
pip install thisispamela
npm install -g @thisispamela/cli
npm install @thisispamela/mcp

Recommendation

Install only from the official package names listed, consider pinning versions, and review package provenance before using the CLI or MCP server.

What this means

Phone call recordings or transcripts may contain private information and be stored or sent to configured webhook endpoints.

Why it was flagged

The skill discloses that call content leaves the local environment and may be forwarded via webhooks. This is expected for a voice AI service but may include sensitive conversation data.

Skill content

Call audio and transcripts are sent to Pamela and may be stored or forwarded to your webhooks

Recommendation

Avoid sending unnecessary sensitive information, review Pamela's data practices, and verify webhook signatures before trusting webhook payloads.