ClawHub
Back to skill
v0.1.4

Voice.Ai Voice Agents

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:57 AM.

Analysis

The skill mostly matches its Voice.ai management purpose, but its setup instructions expose the API key and it can make account-changing actions such as deploying or deleting voice agents.

GuidanceInstall only if you intend to let OpenClaw manage your Voice.ai agents. Set the API key securely, do not echo it to the terminal, rotate it if exposed, require explicit approval before deploy/delete actions, and connect only trusted MCP servers with least-privilege credentials.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
scripts/agent.js
case 'delete': {
  if (!args.id) {
    console.error('Error: --id is required');
    process.exit(1);
  }

  await client.deleteAgent(args.id);
  console.log('🗑️  Agent deleted successfully!');

The CLI includes direct account-mutating operations such as deleting an agent by ID. This is consistent with the stated management purpose, but it is a sensitive action and the code does not include an extra confirmation prompt.

User impactIf the wrong agent ID is supplied or an agent acts too broadly, a real Voice.ai agent could be disabled or deleted.
RecommendationUse explicit user approval for deploy, pause, update, and delete operations, and verify the target agent ID before running destructive commands.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceMediumStatusNote
metadata
Source: unknown
Homepage: none
Required env vars: none
Primary credential: none

The registry metadata lacks source/homepage provenance and does not declare the credential that the skill documentation and code require. This is not evidence of malicious behavior, but it reduces install-time clarity.

User impactUsers may not get a clear registry-level warning that the skill needs a Voice.ai API key and will act on their Voice.ai account.
RecommendationVerify the publisher and code provenance before installing, and prefer metadata that explicitly declares `VOICE_AI_API_KEY` as a required credential.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusConcern
SKILL.md
# 1. Check if API key is set
echo $VOICE_AI_API_KEY

The skill tells the user to print the Voice.ai API key before operations. API keys are account credentials, and showing them in terminal output can expose them through logs, screenshots, shared sessions, or copied transcripts.

User impactYour Voice.ai API key could be exposed to someone who can then act on your Voice.ai account within that key's permissions.
RecommendationDo not print the full API key. Check whether it is set with a non-revealing command such as `test -n "$VOICE_AI_API_KEY" && echo set`, and rotate the key if it has already been exposed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceMediumStatusNote
SKILL.md
- **MCP Integration** - Connect agents to external tools via MCP

The skill advertises connecting Voice.ai agents to external MCP tools. That is purpose-aligned, but MCP connections can extend a deployed voice agent's reach into other systems depending on the server and credentials used.

User impactA connected MCP server may let a voice agent access or act on external data and tools beyond Voice.ai itself.
RecommendationConnect only trusted MCP servers, use least-privilege credentials, and review what tools the voice agent will be allowed to call.