Security audit

agent-call

Security checks across malware telemetry and agentic risk

Overview

This Twilio calling skill is purpose-aligned, but it needs Review because it can contact and record real people, spend Twilio funds, handles sensitive call data with weak safeguards, and has an unsafe message-handling bug.

Review before installing. Use only a restricted Twilio subaccount, keep credentials in a secret manager or tightly permissioned file, require explicit confirmation for every outbound call/SMS or batch, allowlist recipients where possible, set spend/rate limits, and disable recording/transcription unless required consent and retention controls are in place. Do not pass untrusted message text to make-call.sh until the Python command construction is fixed.
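The last sentence above is the one actionable bug in the audit: message text is spliced into a command string on the Python side. The snippet below is an added illustration of that bug class and its fix, not the skill's own code; the helper is `make-call.sh` in the real skill, but `echo` stands in for it here (an assumption) so the contrast can be run offline. The E.164 check and the control-character filter are defense-in-depth additions, also assumptions.

```python
"""Unsafe vs. safe hand-off of caller-supplied message text to a helper
command. Added illustration, not the skill's own code: `echo` stands in for
the skill's make-call.sh (an assumption) so the demo runs offline."""
import re
import subprocess

HELPER = "echo"  # assumption: stands in for the skill's make-call.sh
E164 = re.compile(r"^\+[1-9]\d{1,14}$")


def unsafe_command(to: str, message: str) -> str:
    """Vulnerable pattern: message text spliced into one shell string."""
    return f"{HELPER} {to} {message}"


def run_unsafe(to: str, message: str) -> str:
    # shell=True hands the whole string to /bin/sh, so a message containing
    # `;`, `|`, `$(...)` or backticks runs extra commands as the operator.
    proc = subprocess.run(unsafe_command(to, message), shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def validate_message(message: str) -> str:
    """Defense in depth: bound the length and reject control characters that
    could corrupt logs, terminal output or agent traces downstream."""
    if len(message) > 500:
        raise ValueError("message too long")
    if any(ord(ch) < 32 and ch != "\n" for ch in message):
        raise ValueError("control characters not allowed")
    return message


def run_safe(to: str, message: str) -> str:
    # No shell: each list element is exactly one argv entry, so the message
    # reaches the helper verbatim no matter which metacharacters it holds.
    if not E164.match(to):
        raise ValueError("recipient must be E.164, e.g. +15550001234")
    argv = [HELPER, to, validate_message(message)]
    proc = subprocess.run(argv, capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    payload = "Your table is ready; echo INJECTED"  # constructed input
    print("unsafe:", repr(run_unsafe("+15550001234", payload)))
    print("safe:  ", repr(run_safe("+15550001234", payload)))
```

With the constructed payload, the unsafe path prints a second line `INJECTED` because the shell split the string on `;`; the safe path prints the payload as one literal argument. The same argv-list form applies to any Python code that shells out to a helper script with user- or agent-controlled text.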

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The README promotes autonomous phone calls and SMS messaging and includes pricing, but it does not warn about consent, privacy obligations, recipient authorization, rate limits, or the risk of unintended charges. In a skill designed to automate communications with real phone numbers, omission of these safeguards can directly enable misuse such as spam, harassment, privacy violations, and bill shock.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill promotes call recording and transcription but does not prominently warn about consent, jurisdiction-specific recording laws, or handling of sensitive audio/transcript data. In practice, agents using this skill could record or transcribe people without proper notice, creating privacy, legal, and compliance risk beyond ordinary telephony use.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The skill describes autonomous outbound calling, emergency broadcasts, and lead-calling workflows that can affect third parties at scale, but it lacks clear guardrails about authorization, anti-spam/robocall compliance, opt-in requirements, or disruption risk. This makes misuse easier and increases the chance of harassment, spam, or noncompliant automated calling campaigns.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The script enables call recording for appointment reminder calls by passing --record true, but neither the generated message nor the script output indicates that the callee will be recorded. In many jurisdictions and regulated environments, recording calls without clear notice and consent can create legal, privacy, and compliance exposure, especially because the call content includes appointment details and provider names.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The script downloads a Twilio call recording to a local file without any warning, confirmation, or protective handling, which can expose highly sensitive voice content on disk. In an agent skill context, this is risky because recordings may contain personal, financial, or authentication data and may be written to insecure locations or retained unintentionally.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The script retrieves and prints transcription text directly to terminal output without warning that sensitive conversational content will be exposed in cleartext. Terminal output may be captured by logs, shell history tooling, CI systems, shared consoles, or agent traces, making unintended disclosure of private call content more likely.
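The two findings above (recording written to disk unprotected, transcript printed in cleartext) are the ones an operator can mitigate locally without touching Twilio. The block below is an added example of that protective handling, not code from the skill: the recordings directory, the `.wav` filename, the alphanumeric SID rule and the digit-run redaction pattern are all assumptions. It works on bytes and strings already fetched, so it runs offline on constructed input.

```python
"""Protective handling of recording bytes and transcript text once they are
on the operator's machine. Added example, not part of the skill; directory,
filename, SID format and redaction rule are assumptions."""
import os
import re
import tempfile

# Four or more digits, optionally separated by spaces or dashes: card numbers,
# PINs, phone numbers, account numbers. Deliberately conservative, so years
# and ZIP codes are masked too.
DIGIT_RUN = re.compile(r"\d(?:[ -]?\d){3,}")
SID_OK = re.compile(r"[A-Za-z0-9]+")


def new_recording_dir() -> str:
    """Owner-only scratch directory (mkdtemp creates it with mode 0700)."""
    return tempfile.mkdtemp(prefix="twilio-recordings-")


def save_recording(data: bytes, dest_dir: str, call_sid: str) -> str:
    """Write recording bytes to dest_dir/<call_sid>.wav, owner-readable only.

    Refuses to overwrite an existing file or follow a pre-planted symlink
    (O_EXCL), and rejects SIDs that could escape the directory."""
    if not SID_OK.fullmatch(call_sid):
        raise ValueError("call_sid must be alphanumeric")  # no ../ or separators
    os.makedirs(dest_dir, mode=0o700, exist_ok=True)
    os.chmod(dest_dir, 0o700)  # makedirs' mode is subject to umask; force it
    path = os.path.join(dest_dir, f"{call_sid}.wav")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def file_mode(path: str) -> int:
    """Permission bits of path, for verifying the 0600 guarantee."""
    return os.stat(path).st_mode & 0o777


def redact_transcript(text: str) -> str:
    """Mask digit runs before a transcript is printed, logged or traced."""
    return DIGIT_RUN.sub("[REDACTED]", text)


if __name__ == "__main__":
    # Constructed sample data; a real recording would come from the Twilio API.
    d = new_recording_dir()
    p = save_recording(b"RIFF....WAVEfmt ", d, "CAexample0001")
    print(p, oct(file_mode(p)))
    print(redact_transcript("card 4111 1111 1111 1111, pin 9876, see you at 3"))
```

Redaction happens before the text reaches stdout, so anything that captures the terminal (shell history tooling, CI logs, agent traces) only ever sees the masked form; the unredacted transcript should stay in the same owner-only directory as the audio if it is kept at all.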

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The script enables call recording and optional transcription via command-line flags without any built-in consent check, warning, or jurisdiction-aware safeguard. In an agentic calling context, this can cause unlawful recording or privacy violations if the operator or downstream agent enables these features without notifying call recipients.

Session Persistence

Severity: Medium
Category: Rogue Agent
Confidence: 82%
Content (README excerpt as shown on the page, truncated):
2. **Configure Twilio Credentials:**

Create `~/.clawdbot/twilio-config.json`:
```json
{
  "accountSid": "YOUR_ACCOUNT_SID",
```
Finding: Create `~/.clawdbot

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.