Agentphone Skills

Review

Audited by ClawScan on May 18, 2026.

Overview

This skill is transparent about providing phone/SMS abilities, but it needs review because it can buy phone numbers, contact real people, and tells the agent to store a live API key in persistent memory.

Install only if you intentionally want your agent to manage a real phone number, send SMS, and make calls. Use a dedicated API key stored in an environment variable or secret manager, not persistent memory. Require confirmation before purchases, outbound calls or texts, autonomous conversations, releases, and deletes, and monitor usage/billing and webhook configuration.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could accidentally or unexpectedly incur phone-number costs, send messages, or place calls to real people if given broad autonomy.

Why it was flagged

These documented tools can spend account resources and initiate real-world communications with third parties; the artifacts do not show explicit confirmation, recipient, or spending limits around those actions.

Skill content

buy_number — Purchase a new phone number ... send_message — Send an outbound SMS ... make_conversation_call — Place a phone call where the AI holds an autonomous conversation.

Recommendation

Require explicit human confirmation before purchases, outbound SMS/calls, autonomous conversations, releases, and deletes; set billing, recipient, and usage limits where the service allows.

What this means

If the key is stored in memory, future prompts or compromised context could expose or misuse it to manage numbers, calls, SMS, and account resources.

Why it was flagged

The skill explicitly permits storing a live API key in persistent agent memory, which can be reused, exposed, or over-trusted across future tasks and is not a proper secret store.

Skill content

Save your `api_key` immediately. Store it in an environment variable or your persistent memory. Never paste it into chat.

Recommendation

Store the API key only in an environment variable, secret manager, or scoped credential vault; avoid persistent agent memory and rotate the key if it was saved there.

What this means

Anyone or any agent with the key may be able to act through the AgentPhone account according to that key's permissions.

Why it was flagged

The skill expects an account API key, which is purpose-aligned for AgentPhone but grants delegated authority over phone numbers, messages, calls, and account data.

Skill content

export AGENTPHONE_API_KEY=your_key_here

Recommendation

Use a dedicated, least-privilege key if available; keep it out of chat logs, rotate it periodically, and revoke it when no longer needed.

What this means

Call or conversation contents could be sent to a webhook endpoint; a misconfigured endpoint could expose sensitive communications.

Why it was flagged

Webhook mode intentionally sends conversation turns to an external endpoint, which is purpose-aligned but creates a data boundary that users must secure.

Skill content

`webhook` — AgentPhone forwards each turn to your HTTP endpoint.

Recommendation

Use only trusted HTTPS webhook endpoints, authenticate webhook traffic if supported, and avoid sending sensitive personal data unless necessary.

What this means

Installing through an external package manager depends on the integrity of that package and registry resolution.

Why it was flagged

The README's setup path uses an external package-manager command; this is common and user-directed, but users should verify provenance because the provided artifact has no runnable code to inspect.

Skill content

npx skills.sh install agentphone

Recommendation

Install only from a trusted source, prefer pinned versions when possible, and confirm the package name and publisher before running the command.