Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
zzz
v1.0.2
Advanced AI voice assistant for phone calls. Capable of persuasion, sales, restaurant bookings, reminders, and notifications.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The skill is an AI telephony assistant and requests a Vapi API key, assistant ID, phone-number ID, and a public webhook URL; these are appropriate and expected for making/receiving telephony callbacks. Required binary (python3) and requests dependency are proportional. Minor metadata inconsistency: skill name in the registry input ('zzz') doesn't match SKILL.md/package (vapi-calls), and package.json lists envs but registry primary credential is 'none' despite VAPI_API_KEY being required.
Instruction Scope
SKILL.md and the included script explicitly instruct the agent to start an HTTP server and require the host machine be reachable from the internet (Cloudflare Tunnel/ngrok). The runtime code only reads the declared environment variables (plus optional LLM provider/model), calls the documented API endpoint (https://api.vapi.ai/call), handles webhooks for the expected call ID, and writes per-call JSON logs under ~/.openclaw/workspace/logs. No instructions to read other system files or unrelated credentials were found, but the requirement to expose a local port is a meaningful operational risk that users must evaluate.
Install Mechanism
This is instruction-only with a small Python script bundled. No external download URLs or archive extraction are used; package.json runs a chmod on the script during postinstall. No high-risk install mechanism detected.
Credentials
Required env vars (VAPI_API_KEY, VAPI_ASSISTANT_ID, VAPI_PHONE_NUMBER_ID, WEBHOOK_BASE_URL) are relevant to telephony and appear justified. Optional VAPI_LLM_PROVIDER and VAPI_LLM_MODEL are reasonable. One minor inconsistency: the registry metadata lists no primary credential while the skill clearly depends on a sensitive API key (VAPI_API_KEY).
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It spawns an HTTP server bound to 0.0.0.0 on a user-specified port and writes call logs under the user's home directory; this is expected for a webhook-based telephony skill but is a persistence/attack surface consideration (open port, reachable webhook).
Assessment
This skill appears to do what it claims (make automated AI phone calls) and requires the Vapi API key, assistant and phone-number IDs, plus a public webhook URL. Before installing:
- Treat the host running this skill as an internet-facing service: prefer an isolated VM/container, not your personal laptop or a machine with sensitive data.
- Use a dedicated Vapi API key with the minimum required permissions and be prepared to rotate it if needed.
- Limit the exposure of the webhook (use Cloudflare Tunnel or a reverse proxy with access controls) and avoid long-lived public ngrok URLs tied to your primary account.
- Confirm the package source/repository (SKILL.md references a GitHub repo) and verify the publisher; the registry metadata has minor inconsistencies (skill name/owner vs. files).
- Review logs written to ~/.openclaw/workspace/logs and ensure they don't contain PII you want to avoid storing locally; consider redirecting logs to a controlled location.
- Ensure you comply with laws and platform policies for automated calls and consent in your jurisdiction.
If you need higher assurance, ask the publisher to declare the primary credential and confirm the canonical repository, or run the code in a sandboxed environment and audit its network traffic.
latest: vk977heey70jwy8ajcg0par08en82qe6h
Runtime requirements
Bins: python3
Env: VAPI_API_KEY, VAPI_ASSISTANT_ID, VAPI_PHONE_NUMBER_ID, WEBHOOK_BASE_URL
