Agent Phone Call
Security checks across malware telemetry and agentic risk
Overview
This appears to be a real PollyReach phone-call integration, but it needs review because it can take broad real-world calling actions and its setup instructions may expose the account token.
Install only if you are comfortable with PollyReach handling calls and receiving the task details needed to do so. Keep the token private, avoid printing or pasting it, require explicit approval for each call or purchase-like action, and periodically review any persistent inbound answering prompt.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could initiate calls or commit to real-world actions on the user's behalf if the user gives an imprecise task.
This shows broad delegated real-world action authority through phone calls; the provided artifacts do not show explicit approval boundaries for calls, bookings, purchases, or other irreversible outcomes.
it can look up contact information for your target, research the process for getting things done, make the call, and complete the task ... schedule interviews in bulk
Require explicit user confirmation for every outbound call, booking, purchase, account change, or bulk outreach task, and set clear spending and scope limits.
Anyone who obtains the PollyReach token may be able to use the connected phone account, make calls, check balance, or access call/message data.
These setup instructions can print the bearer token and pass it as a command argument, exposing it in transcripts, logs, or process history even though the included scripts read the token directly from the file.
cat ~/.config/PollyReach/key.json 2>/dev/null ... Run `./activation.sh YOUR_TOKEN`
Do not display or paste the token. Use scripts that read the credential file directly, restrict file permissions, and declare the PollyReach token as a sensitive credential.
Call instructions may include personal, business, or account details that are shared with PollyReach to perform the task.
User task text is sent to the PollyReach provider API under the saved token. This is expected for the service, but it is an external data flow.
BODY=$(jq -n --arg msg "$MESSAGE" '{"message": $msg}') ... curl ... https://api.pollyreach.ai/platform/v1/chat/openclaw/completions
Only include information needed for the call, avoid unnecessary secrets, and review PollyReach's privacy and retention terms before using it for sensitive tasks.
A bad or overly broad prompt could keep influencing how the AI receptionist answers later calls.
The script stores a user-provided inbound answering prompt with PollyReach, so that prompt can affect future incoming-call handling.
BODY=$(jq -n --arg prompt "$MESSAGE" '{"prompt": $prompt}') ... /platform/v1/users/phone/pollyreach/update
Keep inbound prompts narrow, review changes before saving them, and provide a way to reset or disable the persistent answering behavior.
Installation or first use may surprise users by requiring local tools and a saved provider token that registry metadata did not list.
The registry metadata under-declares setup requirements compared with the SKILL.md and scripts, which require curl, jq, bc, and a local PollyReach key file. This looks like a metadata gap, not hidden code.
Required binaries (all must exist): none ... Primary credential: none
Update registry metadata to declare the required binaries, network endpoints, local credential path, and PollyReach token handling.
