ClawHub

Talk

v1.0.0

Set up real-time voice conversations. Phone calls, voice agents, live speech.

2· 1.2k·6 current·6 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (real-time voice, phone calls, voice agents) match the content of SKILL.md, config.md, and providers.md. The providers and settings referenced (ElevenLabs, Twilio, Telnyx, ngrok/cloudflared/tailscale) are expected components for the stated purpose.
Instruction Scope
SKILL.md itself is minimal and appropriately asks questions and points to config/providers docs. The supporting docs include actionable setup snippets (API keys, webhooks) and a note about 'memory injection' (MEMORY.md loaded into calls) in the advanced integration — that can move sensitive data into live calls if used and is out-of-band from the simple configuration guidance, so users should be warned.
Install Mechanism
No install spec and no code files are included, so nothing is written to disk or auto-installed by the skill. This is the lowest-risk install posture for a skill.
Credentials
The skill metadata declares no required env vars, which is consistent with being instruction-only. The docs do ask the user to provide provider API keys / tokens (Twilio account SID/auth token, ElevenLabs/OpenAI API keys, Telnyx keys) — those are proportional to interacting with those services, but they are sensitive and should be supplied only to configured provider integrations, not pasted into public places.
Persistence & Privilege
always is false and there is no code that would persist or modify other skills or system settings. The skill does not request elevated or permanent platform privileges.
Assessment
This skill is documentation and setup guidance only — it doesn't install code. Before using it: (1) Be prepared to supply provider API keys (Twilio/Telnyx/ElevenLabs/OpenAI) — treat them as secrets and use least-privilege keys where possible. (2) Public webhook tunnels (ngrok, tailscale, cloudflared) expose a local endpoint — prefer short-lived tunnels or allowlists for incoming calls. (3) The docs mention 'memory injection' (loading MEMORY.md into calls) and cost tracking — avoid loading any sensitive personal data into memories that will be spoken on calls. (4) Confirm billing/cost implications for per-minute voice usage and set inbound allowlists to avoid abuse. (5) Verify provider accounts and webhook URLs before enabling phone call integrations. If you want higher assurance, request a version of the skill from a known source or one that includes code you can review; otherwise the content is coherent but sensitive by nature.

Like a lobster shell, security has layers — review code before you run it.

latestvk974rz0gtmbkr8e8gf7nqrxqb180zkwp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📞 Clawdis
OSLinux · macOS · Windows

Comments