Phone Call

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it helps a Mac place phone calls and speak text into them, with important but disclosed permission and privacy tradeoffs.

Install only if you are comfortable granting the OpenClaw runner macOS Accessibility/Automation permission and letting it place real calls from your Mac/iPhone setup. Use --dry-run or --no-confirm when you want manual control, and avoid setting ElevenLabs credentials if call speech should remain local.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The script can send the spoken text to ElevenLabs via `sag` when credentials are present, even though the skill description emphasizes local TTS. In a phone-call skill, spoken content is likely to include sensitive or private information, so silently switching to a cloud provider creates an unexpected data-exfiltration path.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The script checks for external-service credentials and uses them to enable a cloud speech backend, which is not necessary for a local phone-call speaking helper. This expands the skill's privileges and enables transmission of user-supplied call content to a third party, increasing privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 93%
Finding
The network call site does not provide an explicit warning that the text may be transmitted to ElevenLabs, so users may believe all speech remains local. In the context of an active phone-call helper, this is more dangerous because agents may speak names, numbers, or other sensitive conversational data that should not be sent off-device without notice.

VirusTotal

65/65 vendors flagged this skill as clean.
