ClawHub

Outbound Call

v0.1.5

Make outbound phone calls via ElevenLabs voice agent and Twilio

2· 912·3 current·3 all-time
byhuman jesse@humanjesse
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required env vars, SKILL.md, and call.py align: the script posts to an ElevenLabs convai/twilio/outbound-call endpoint using ELEVENLABS_API_KEY, ELEVENLABS_AGENT_ID, and ELEVENLABS_PHONE_NUMBER_ID. No unrelated credentials (e.g., raw Twilio keys or cloud keys) are requested.
Instruction Scope
Runtime instructions are narrowly scoped: run call.py with a phone number and optional message/context. The code only reads the declared env vars, validates E.164 format (US), and sends a JSON payload to the ElevenLabs API. It does not read arbitrary files, other env vars, or contact unexpected external endpoints.
Install Mechanism
There is no install spec (instruction-only with a small included script). The included Python file uses only stdlib modules (urllib, json, re), so nothing is downloaded or installed during runtime by the skill itself.
Credentials
The skill requests three ElevenLabs-specific env vars and declares ELEVENLABS_API_KEY as the primary credential. That is proportionate for a service that delegates Twilio dialing server-side. No additional unrelated secrets are requested.
Persistence & Privilege
always is false and the skill does not modify other skills or system configs. The skill can be invoked by the model (default), which is expected for an agent-capable outbound call skill — not flagged here, but note autonomous invocation allows the agent to place calls if permitted.
Assessment
This skill appears to do what it says, but before installing: (1) confirm you trust ElevenLabs with your API key and that the provided endpoint (api.elevenlabs.io/v1/convai/twilio/outbound-call) is legitimate; (2) be aware calls may incur charges and ensure legal/consent requirements are met; (3) verify the ELEVENLABS_PHONE_NUMBER_ID controls the expected caller number; (4) review the linked GitHub repo/source code if you need provenance (the package lists no homepage); and (5) start by testing with your own number and a scoped/rotatable API key, and consider whether you want the agent allowed to invoke the skill autonomously.

Like a lobster shell, security has layers — review code before you run it.

latestvk97668a564wvnhhdkkqyyrtd2981atbg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvELEVENLABS_API_KEY, ELEVENLABS_AGENT_ID, ELEVENLABS_PHONE_NUMBER_ID
Primary envELEVENLABS_API_KEY

Comments