Gv Caller

This skill does what it claims (automated Google Voice calling with injected audio), but there are several red flags you should resolve before installing or running it: - Protect your Google credentials: the engine reads a cookie file with account session cookies. Confirm where you will store google_voice_cookies.json and avoid putting it in shared/root workspaces. The code currently reads '/root/.openclaw/workspace/google_voice_cookies.json' (hardcoded) — ask the author to make this path configurable or change it to the skill directory before use. - Verify dependencies: you must install Node.js, puppeteer-core (and matching Chromium), ffmpeg, and provide the 'openclaw tts' CLI the script expects. The registry metadata does not declare these; ensure they are present and trustworthy. - Run in isolation: because the skill automates a real Google account and uses session cookies, test it in an isolated environment or with a throwaway Google Voice account to avoid accidental exposure or misuse. - Review and/or patch code: the hardcoded '/usr/bin/chromium' path and '/root/.openclaw/workspace/...' cookie location are brittle and surprising. Change these to configurable options (read from the skill's directory or arguments) and avoid requiring root paths. - Legal/ethical caution: automated outbound calling may be subject to local laws and abuse policies; do not use for harassment or fraud. If the author provides a fixed release that (a) declares required binaries/dependencies, (b) makes the cookie path configurable and documented, and (c) does not read root/shared workspaces by default, this would substantially reduce the concerns.