ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

call-pro

v1.0.0

Call management system with preparation, real-time capture, and follow-up tracking. Use when user mentions phone calls, meetings, conversations, commitments...

0· 41·0 current·0 all-time
by@pratilsudra
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md promises a full call management suite (preparation, real-time capture, end-call processing, follow-ups) and references many scripts and reference files, but the bundle only includes a single prep_call.py and no other scripts or reference files. Registry metadata (name/slug/version/ownerId) also disagrees with the supplied _meta.json, suggesting the package may have been repackaged or truncated.
!
Instruction Scope
Runtime instructions call many scripts (capture_fragments.py, end_call.py, draft_followup.py, etc.) and refer to storage under memory/calls/, yet only scripts/prep_call.py is present and that script uses a different path (~/.openclaw/workspace/memory/calls). The SKILL.md asserts 'All data stored locally' and 'No external CRM', which the provided code does not contradict — but the missing scripts mean the declared runtime behavior cannot be verified and the agent may fail or try to perform undefined actions.
Install Mechanism
No install spec is provided (instruction-only skill with included files). This is low-risk from an automatic-install perspective because nothing will be downloaded or executed outside the bundle, but the bundle's inconsistencies (missing scripts/refs) remain a concern.
Credentials
The skill declares no required environment variables or credentials and the included prep_call.py similarly does not request secrets. However, the script reads from the user's home path (~/.openclaw/workspace/memory/calls), so it will access local files if present — consistent with a local-only data model but worth verifying that no other missing scripts would attempt network access.
Persistence & Privilege
The skill does not request persistent/always-on privileges and defaults to normal invocation behavior. There is no install-time step that modifies other skills or system-wide settings in the provided bundle.
What to consider before installing
This package is inconsistent: metadata (slug/owner/version) does not match the registry entry, the README references many scripts and reference files that are not included, and the storage path in the README (memory/calls/) differs from the actual script (~/.openclaw/workspace/memory/calls). Before installing or enabling: 1) Ask the publisher for the complete source (all referenced scripts and the referenced reference files). 2) Confirm the correct authoritative metadata and publisher identity (ownerId/slug/version). 3) Inspect any missing scripts (capture_fragments.py, end_call.py, etc.) for network calls, credential use, or file writes. 4) If you must test now, run in an isolated environment (VM) and back up or inspect ~/.openclaw/workspace before use. 5) If you expect strict local-only behavior, request an explicit statement and full code for all referenced components; do not trust the skill until the missing pieces and path inconsistencies are resolved.

Like a lobster shell, security has layers — review code before you run it.

latestvk970p20zxychfmb1c0zzzpmgth83rmt8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments