ClawHub

outbound call pro

Security checks across malware telemetry and agentic risk

Overview

This skill clearly performs outbound AI phone calls and discloses that it sends and stores phone numbers and conversation content, but users must treat it as a sensitive telephony integration.

Install only if you trust the skill.black service and have authorization to place calls to the recipients. Review each confirmation carefully, avoid sending sensitive conversation details, keep OUTBOUND_API_KEY out of source control, and periodically delete or secure the local memory/skills JSONL logs because they can contain phone numbers and transcripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
75% confidence
Finding
The trigger conditions are broad enough to activate on ordinary 'help me call someone' requests without clearly limiting use cases, regulated contexts, or consent-sensitive scenarios. In a telephony skill that can place outbound calls and transmit conversation context to a third party, overbroad triggering increases the chance of unintended invocation, privacy violations, or actions taken without sufficiently specific user intent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The API explicitly transmits phone numbers and conversation content to a third-party outbound calling service, but the documentation provides no privacy notice, consent requirements, retention guidance, or warning about disclosure of personal/sensitive data. In a telephony skill handling real user conversations and +86 phone numbers, this omission can lead to unauthorized sharing of personal data, regulatory noncompliance, and unsafe downstream use by integrators.

Missing User Warnings

Low
Confidence
77% confidence
Finding
The credential storage section tells users to place the API key in an environment variable or local secrets file, but it does not warn about file permissions, secret leakage into logs/shell history, source control exposure, or least-privilege handling. While this is documentation weakness rather than direct key exposure, it can contribute to insecure deployment practices and accidental credential compromise.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script persists highly sensitive call data locally, including phone numbers and full conversation logs, into JSONL files under the skill directory without any consent gate, retention control, redaction, encryption, or access restriction. In the context of an outbound calling skill, this data can contain personal data and confidential conversation content, so local persistence materially increases privacy, compliance, and secondary exposure risk if the host is shared or compromised.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal