Skillv2.0.4

ClawScan security

AgentCall · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 27, 2026, 6:44 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files and runtime instructions match its telephony purpose (provision numbers, send/receive SMS, make voice/AI calls) and the single required credential (AgentCall API key) is appropriate for that functionality; nothing in the package appears incoherent or unrelated to its stated purpose.
Guidance: This skill is coherent for telephony use, but review a few practical safety items before installing: - Confirm the API key requirement: claw.json requires AGENTCALL_API_KEY (starts with ac_live_). Ensure you supply a key you control and trust; do not reuse high-privilege or long-lived keys from other services. - Limit exposure: where possible create a project/test API key with limited billing/quotas and rotate it regularly. Set billing alerts because SMS/calls (especially AI voice) can incur real costs. - Privacy and OTPs: the skill can poll for OTPs and receive inbound SMS. Do not point production or sensitive phone numbers at this service unless you understand how messages/transcripts are stored and who can access them. - Webhooks: if you register webhooks, use HTTPS endpoints you control and validate signatures; do not send webhook URLs that expose private infrastructure. - Autonomous actions: because the skill can be invoked autonomously to place calls or send SMS, review what prompts or automation the agent will run to avoid unwanted dialing or messaging. - Metadata inconsistency: the provided packaging has a minor mismatch in the human-readable requirements summary (says no env vars) vs. claw.json (requires AGENTCALL_API_KEY). Ask the publisher to clarify or correct the metadata if this matters for your inventory/automation. If you need stricter control, require manual invocation only and use a limited-scope API key (or a staging account) when enabling this skill.

Review Dimensions

Purpose & Capability: okName, description, and declared capabilities (numbers, SMS, voice, AI voice) align with the instructions and the single required credential (AGENTCALL_API_KEY) in claw.json. The skill declares network permission and billing info consistent with a telephony API. Note: the top-level summary in the provided metadata stated "Required env vars: none," which contradicts claw.json (which requires AGENTCALL_API_KEY); this appears to be a metadata inconsistency but does not change the core purpose-capability coherence.
Instruction Scope: okSKILL.md/instructions.md only describe calls to api.agentcall.co endpoints, use of AGENTCALL_API_KEY, and optional webhook registration to user-controlled HTTPS URLs. The instructions do not direct the agent to read unrelated files, system credentials, or external endpoints beyond agentcall.co and any user-supplied webhook URL. They do include long-polling for OTPs and autonomous AI-call behavior (systemPrompt), which are expected for this feature set.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files, which minimizes disk-write/execution risk. No downloads or external install URLs are present.
Credentials: okThe only declared credential in claw.json is AGENTCALL_API_KEY (required). That single API key is proportionate to a telephony integration. There are no requests for unrelated credentials or config paths. (Again, note the metadata inconsistency where the top summary claimed no required env vars.)
Persistence & Privilege: noteThe skill is not always-enabled and allows autonomous invocation (disable-model-invocation=false), which is the platform default. Autonomous use is expected for features like AI voice calls that run without manual intervention — but it increases blast radius: an agent with this skill can autonomously place calls, send SMS, or poll for OTPs and may incur charges. Users should limit API key scope and enable billing/usage alerts.