Openclaw Voice Call 2026.5.12 Beta.6.Tgz

Package: @openclaw/voice-call (npm) Version: 2026.5.7 Description: OpenClaw voice-call plugin The package implements a complex voice call management system integrating with external providers (Twilio, Telnyx, Plivo) via webhooks and APIs, and uses WebSockets for real-time media streaming. It handles call state management, logging, and AI agent integration for conversational responses. The implementation shows strong security awareness: all outbound network activity uses built-in SSRF protection (`fetchWithSsrFGuard`). Webhook handling enforces signature verification (HMAC-SHA1, Ed25519, HMAC-SHA256) and includes replay attack mitigation. It implements host header validation to prevent injection attacks during URL reconstruction in proxied environments (e.g., ngrok, Tailscale). Data flow includes input validation, body size limits, and sanitization of AI output (forcing strict JSON contract for spoken text). The complexity is warranted by its function as a public-facing webhook and media streaming server.