AgentCall

Security checks across malware telemetry and agentic risk

Overview

This is a high-impact telephony skill, but its phone, SMS, AI-call, callback, billing, and memory behaviors are disclosed and fit its stated purpose.

Install this only if you want an agent to use AgentCall for real phone/SMS activity. Before use, confirm recipients, message or call purpose, recording, language choice, budget, and any persistent receptionist, schedule, webhook, or memory setting; prefer language auto-detect unless the recipient or business context clearly calls for a fixed language.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium (89% confidence)

Finding:
The skill exposes an unauthenticated callback-request endpoint that triggers real-world outbound contact to a third party. Even though the docs mention rate limits and deduplication, including this capability in a general-purpose skill without strong purpose scoping or explicit user-consent gating creates abuse potential for spam, harassment, or unauthorized outreach.

Natural-Language Policy Violations

Medium (84% confidence)

Finding:
The skill explicitly documents forcing a specific spoken language on inbound callers, which can materially alter or degrade consent, comprehension, and service quality for the called party. While not a classic code-execution issue, it is a policy/safety vulnerability because it enables real-world communications to proceed in a language the other party may not understand without any recipient opt-in or fallback.

Natural-Language Policy Violations

Medium (90% confidence)

Finding:
The outbound calling guidance permits setting a forced language for a live human recipient based solely on the caller's preference, not the callee's consent or understanding. This creates risk of deceptive or non-consensual contact, especially for appointment booking or information requests where the recipient may be unable to understand disclosures, purpose, or recording notices.

Natural-Language Policy Violations

Medium (78% confidence)

Finding:
The documentation explicitly allows forcing inbound AI to respond only in a specified language, but it does not require obtaining user approval for that behavioral change. In a communications skill, changing language behavior can materially alter interactions with real callers and may misrepresent service capabilities or exclude speakers unexpectedly.

Natural-Language Policy Violations

Medium (82% confidence)

Finding:
The outbound call guidance states that the AI can be forced to speak only a specific language when contacting recipients, without requiring explicit user opt-in or acknowledging recipient-consent implications. Because this affects live calls to real people, it increases the risk of deceptive or inappropriate outreach and could create confusion or social-engineering opportunities.

VirusTotal

64/64 vendors flagged this skill as clean.
