RingBot
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: ringbot Version: 1.1.0 The skill bundle describes an AI phone call agent that uses local services and external APIs (Twilio, LiveKit, Groq). The `SKILL.md` provides instructions for setup and usage, including `curl` commands to a local endpoint and `goplaces` commands to find phone numbers. While the skill requires sensitive API keys for its operation and involves shell/network access, these capabilities are directly aligned with its stated purpose of making outbound phone calls. There is no evidence of intentional harmful behavior such as data exfiltration, malicious execution, persistence, or prompt injection attempting to subvert the agent's behavior for unauthorized actions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could place cost-incurring calls or speak/share user-provided information to third parties at scale if used too broadly.
The skill exposes a generic outbound-call action and explicitly includes bulk lead-calling as a use case, without documenting confirmation, consent, rate limits, or other controls.
"Call this list of leads and ask if they're interested..."; curl -X POST http://localhost:8000/ringbot/call ... "to" ... "purpose" ... "context"
Require explicit user approval before each call or batch, verify recipients, limit batch size/rate, and document consent/legal-compliance expectations before use.
A recurring call task could continue creating calls, costs, or unwanted third-party contact if not carefully controlled.
The skill advertises recurring autonomous calls, but does not describe how schedules are created, reviewed, limited, cancelled, or audited.
"Every morning at 9am, call the warehouse and check inventory status"
Only enable recurring calls with explicit schedules, clear ownership, easy cancellation, spending caps, and activity logs.
If credentials are over-privileged or shared with an untrusted service, the account could incur charges or be used for unauthorized calls.
These credentials are purpose-related, but Twilio credentials can authorize billed account activity, and the hosted option does not explain credential scope or least-privilege handling.
"TWILIO_ACCOUNT_SID", "TWILIO_AUTH_TOKEN" ... "LIVEKIT_API_SECRET" ... "GROQ_API_KEY"; Hosted: "Just connect your Twilio account"
Use Twilio subaccounts or restricted credentials where possible, set spending limits, avoid sharing master auth tokens, and verify the hosted provider before connecting accounts.
Users cannot rely on this artifact review to assess what the actual local RingBot service code does.
The documentation depends on local Python implementation files, but the reviewed skill package contains only SKILL.md, so the runnable code provenance is outside this review.
cd /path/to/ringbot/src && python agent.py start; cd /path/to/ringbot && python main.py
Review and obtain the runtime code from a trusted source before running it or providing provider credentials.
Personal, business, or health-related details placed in call context may be processed by third-party services and disclosed during the call.
Call context and voice conversation data are expected to pass through external telephony, voice, and model providers for this skill to work.
"context": "Additional context the AI should know"; providers listed include Twilio, LiveKit Cloud, and Groq
Keep context minimal, avoid unnecessary sensitive information, and review provider privacy and retention terms before use.