phone call agent

Security checks across malware telemetry and agentic risk

Overview

This skill performs the disclosed job of making user-confirmed outbound phone calls, but it handles sensitive phone numbers, call context, and local call logs.

Install only if you trust the skill.black calling service and are comfortable sending phone numbers and call context to it. Require explicit confirmation before every call, avoid casual use of the force-call option, prefer environment variables for the API key, and periodically delete or protect the local memory/skills logs because they can contain phone numbers and conversation transcripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill clearly uses sensitive capabilities (reads environment variables for API keys, writes local logs containing PII, stores secrets/config files, and sends data to a remote telephony API), yet it declares no explicit permissions. This creates a transparency and consent gap: a host may not surface the real access scope to users, and the skill handles personal data without machine-readable permission boundaries.

Description-Behavior Mismatch
Severity: Medium
Confidence: 90%
Finding: The script stores full call records locally, including phone numbers and message contents, in a JSONL file under the skill directory. This creates unnecessary retention of sensitive personal data and conversation content, increasing exposure if the host is shared, backed up insecurely, or later accessed by other tools.

Description-Behavior Mismatch
Severity: Medium
Confidence: 97%
Finding: The script persists phone numbers and full call transcripts, including chat logs, into local JSONL files under the skill memory directory. These records can contain highly sensitive personal or business information, and storing them without minimization, retention limits, access controls, or encryption increases the risk of privacy breaches and unauthorized disclosure.

Description-Behavior Mismatch
Severity: Medium
Confidence: 95%
Finding: Local query mode allows retrieval and display of previously stored call records and transcripts from disk, which broadens exposure of sensitive data beyond the immediate call workflow. If other users, tools, or processes can invoke this script or access its output, historical conversations and phone numbers may be disclosed without adequate authorization checks.

Vague Triggers
Severity: Medium
Confidence: 84%
Finding: The trigger conditions are broad and based on common call-related phrasing such as '打电话' ("make a phone call") or '电话沟通' ("communicate by phone"), which can cause the skill to activate in ambiguous contexts. Because this skill can initiate real outbound phone calls and transmit conversation context to a third party, accidental invocation carries meaningful privacy, cost, and mis-action risk.

Missing User Warnings
Severity: Medium
Confidence: 88%
Finding: The API explicitly supports placing outbound calls and later retrieving full chat logs, but the reference does not document consent, privacy expectations, retention, or sensitive-data handling. In a voice-calling skill, this omission increases the risk of collecting, transmitting, and exposing personal or confidential information without adequate safeguards or user awareness.

Missing User Warnings
Severity: Low
Confidence: 82%
Finding: The document tells users to store the API key in an environment variable or local secrets file but does not include basic key-protection guidance. This can lead to accidental exposure through source control, permissive file permissions, logs, screenshots, or shared environments, enabling unauthorized outbound calling and transcript access.

Missing User Warnings
Severity: Medium
Confidence: 84%
Finding: The script sends the target phone number and message content to a remote service immediately, without any confirmation step or clear disclosure at send time. In a voice-calling skill, this can lead to accidental disclosure of personal data or unintended outbound contact, especially when messages may contain sensitive instructions or third-party information.

Missing User Warnings
Severity: Medium
Confidence: 88%
Finding: The script writes sensitive call details, including phone numbers and message contents, to a local tracking file without any explicit warning. This silent persistence increases privacy risk because users may reasonably expect a call tool to place a call, not retain full conversation payloads on disk.

Missing User Warnings
Severity: Medium
Confidence: 98%
Finding: The script writes sensitive call data, including phone numbers and conversation logs, to local storage without any consent flow, warning, or transparency to the user about retention. In a phone-call agent, this is particularly risky because calls often contain personal, financial, scheduling, or confidential business content, making silent persistence a meaningful privacy and compliance issue.

VirusTotal

67/67 vendors flagged this skill as clean.