Gemini Live Phone
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to be a real Twilio-to-Gemini phone bridge, but it includes public call-making functionality and hard-coded external/account defaults that need careful review before use.
Before installing, review the full bridge code and run it only with PUBLIC_URL, TWILIO_ACCOUNT_SID, and TWILIO_FROM set to values you control. Do not expose the outbound-call endpoint publicly unless you add authentication, Twilio signature validation, recipient restrictions, and rate limits.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If exposed as documented, someone other than the intended user could potentially trigger calls, create Twilio charges, or abuse the service to contact arbitrary numbers.
The skill documents an internet-exposed endpoint that can initiate outbound phone calls, but the example and setup text do not show authentication, recipient allow-listing, rate limiting, or explicit approval controls.
`/gemini-live/call` | POST | Initiate outbound call ... `curl -X POST https://your-domain/gemini-live/call` ... `The bridge must be accessible from the internet`
Protect the outbound-call endpoint with authentication and authorization, validate Twilio webhook signatures, restrict allowed destinations, add rate limits, and avoid exposing control endpoints directly to the public internet.
If the user does not override this setting, phone-call webhooks or media routing could be directed to an external domain instead of the user’s own bridge.
The bridge has a non-local, third-party-looking default public URL for its call/webhook flow, while the SKILL.md instructions tell users to use their own domain and do not clearly call out this default.
public_url: str = os.getenv("PUBLIC_URL", "https://athena.abfs.tech/gemini-live")Remove the hard-coded external default or fail closed until PUBLIC_URL is explicitly set to a domain controlled by the installer; document exactly where call audio and webhook data are sent.
Users may accidentally run the bridge with account/phone defaults they do not control, or fail to understand which Twilio identity is being used for outbound calls.
The code combines a required Twilio auth token with hard-coded default account and phone-number values, making the account boundary unclear unless the user knows to override additional environment variables.
twilio_account_sid: str = os.getenv("TWILIO_ACCOUNT_SID", "ACbdb5def0f217c61d3eea837e4807c0ce") ... twilio_auth_token: str = os.getenv("TWILIO_AUTH_TOKEN", "") ... twilio_from: str = os.getenv("TWILIO_FROM", "+17866558779")Require TWILIO_ACCOUNT_SID and TWILIO_FROM to be explicitly provided, remove embedded account/number defaults, and document the exact Twilio permissions and billing impact.