Skill v1.0.7
ClawScan security
Phone Calls - Call-E · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 27, 2026, 8:05 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent with its stated purpose (installing and enabling a Call‑E OpenClaw plugin and teaching the agent how to use its tools); it modifies local OpenClaw config and may restart the gateway, and the only notable risk is installing a remote script via curl|bash which you should explicitly approve.
- Guidance: This skill looks coherent for installing and using a Call‑E OpenClaw plugin, but pay attention before installing: (1) Running the bundled script is safer than piping a remote script directly; if you must use the curl fallback, inspect the script on GitHub first. (2) The script will write to ~/.openclaw/openclaw.json and may restart the OpenClaw gateway — back up that file if you want to revert. (3) Real phone calls may incur costs and privacy/compliance implications; confirm the user explicitly wants to place real calls. (4) Verify the upstream repository (https://github.com/CALLE-AI/call-e-integrations) and package @call-e/openagent if you need higher assurance. If you are unsure, run the setup in a controlled environment or decline the install.
Review Dimensions
- Purpose & Capability (ok): Name/description, required binaries (openclaw and node), included setup script, and runtime instructions all align with installing and enabling a Call‑E plugin and exposing calle_* tools. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope (ok): SKILL.md stays on topic: check for plugin, run packaged setup script (or fetch the same script remotely), enable plugin, merge OpenClaw config, and restart gateway if needed. It includes appropriate safety warnings about real calls and consent and explicitly tells the agent not to use raw HTTP/curl for call actions once tools are available.
- Install Mechanism (concern): Primary install is a local setup script bundled with the skill (good). The instructions also allow falling back to piping a script from raw.githubusercontent.com via curl | bash — GitHub raw is a common host but piping remote scripts to a shell is inherently risky. The included script appears benign (merges JSON config, calls openclaw plugin install/enable, may restart gateway), but executing any remote script should be done after verification. No other high‑risk download hosts or obfuscated code were found.
- Credentials (ok): The skill requests no environment variables or secret credentials. The setup script writes to the user's OpenClaw config (~/.openclaw/openclaw.json) which is expected for enabling a plugin; there is no attempt to read unrelated config or secrets.
- Persistence & Privilege (note): The script modifies the user's OpenClaw config to enable the plugin and add tool IDs, and may restart the gateway — these are privileged local operations but are proportionate to installing a plugin. The skill is not force‑always enabled and does not request system‑wide privileges beyond the OpenClaw gateway interaction.
