Skill v1.0.4
ClawScan security
ai phone call · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Apr 15, 2026, 1:04 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement an outbound-calling integration that matches its description, but there are inconsistencies in the declared metadata and it collects/transmits PII (phone numbers and conversation text) to an external service and persists them locally — review before installing.
- Guidance: This skill appears to be what it claims — an AI outbound-calling helper — but exercise caution: (1) SKILL.md and the included scripts require OUTBOUND_API_KEY (and optionally OUTBOUND_BASE_URL) even though the registry summary omitted these; don't rely on the registry summary alone. (2) Calls send phone numbers and conversation text to the external service (https://www.skill.black by default) and store PII locally in memory/skills/requests.jsonl and costs.jsonl — only install if you trust the API provider. (3) The skill instructs you to get explicit user confirmation before calling, but that is an instruction-level check; verify your agent actually enforces it. (4) If you decide to use it, consider: create/restrict the API key, verify or set OUTBOUND_BASE_URL before use, periodically delete the local memory files if you don't want logs retained, and inspect the scripts yourself. The metadata inconsistencies lower my confidence — request the publisher fix the manifest to clearly declare required env vars and binaries before deploying widely.
Review Dimensions
- Purpose & Capability (note): Functionality (making calls to Chinese mobile numbers via an Outbound API) aligns with the name/description: the included scripts call https://www.skill.black endpoints and require an API key. However, the registry-level metadata shown at the top of the evaluation (Required env vars: none; Required binaries: none; instruction-only) contradicts the SKILL.md, which declares a required binary 'uv' and a required env var OUTBOUND_API_KEY. This metadata mismatch is unexplained and reduces trust.
- Instruction Scope (concern): Runtime instructions and scripts explicitly collect phone numbers and conversation context, transmit them to the external Outbound AI service, and persist PII to local files (memory/skills/requests.jsonl and memory/skills/costs.jsonl). The SKILL.md requires showing a confirmation card to get user consent before calling, which is good, but that is a procedural requirement enforced by instructions, not a technical guarantee. There is no other hidden data collection in the scripts; network calls are limited to the declared API endpoint (or a user-specified base URL).
- Install Mechanism (ok): No install spec or external downloads — code is included in the skill bundle and runs via the provided Python runner ('uv'). No additional packages or remote installers are fetched, so install risk is low.
- Credentials (concern): The skill legitimately requires an API key (OUTBOUND_API_KEY) and optionally OUTBOUND_BASE_URL. That is proportionate for an external telephony API. However, the registry summary at the top incorrectly lists no required env vars/credentials while SKILL.md and the scripts require OUTBOUND_API_KEY; this inconsistency should be resolved before trusting the package. The scripts also look for a local config file (~/.openclaw/secrets/outbound.json), which is acceptable but should be noted by users storing keys on disk.
- Persistence & Privilege (note): The skill writes per-call and per-record JSONL files under its own memory/skills directory (requests.jsonl and costs.jsonl). This is expected to track request state and call logs, but these files contain PII (phone numbers, transcripts). The skill does not request broad system privileges nor modify other skills; always:false and normal autonomous invocation settings are used.
