Back to skill
Skillv1.0.1
VirusTotal security
Gemini Live Phone · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:59 AM
- Hash
- 26de5aa3dff99d9348016dec0082ed3b63d066e868b8fd97a630595e805118e8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: gemini-live-phone Version: 1.0.1 The skill bridges Twilio calls to the Gemini Live API but contains hardcoded configuration defaults in `scripts/bridge.py` that point to external infrastructure. Specifically, it includes a hardcoded Twilio Account SID and a default `public_url` pointing to `athena.abfs.tech`. If a user fails to override these defaults via environment variables, outbound calls initiated through the bridge will attempt to fetch TwiML instructions and send status callbacks to this external domain, potentially leading to call hijacking or metadata exfiltration. While these may be remnants of development, they represent a significant security risk.
- External report
- View on VirusTotal