ClawHub

Ringg Voice Agent

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Ringg integration, but it can make real calls, launch bulk campaigns, and access call records or transcripts without enough documented approval and privacy safeguards.

Review carefully before installing. Use a least-privileged Ringg key if available, require explicit approval before every call or campaign, preview exact recipients and campaign size, confirm lawful consent to contact and record people, restrict transcript/history access, and protect webhooks with HTTPS, signing-secret verification, replay checks, limited subscriptions, and a cleanup process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger description is broad enough that ordinary requests about making phone calls could invoke this skill even when the user did not clearly intend to use Ringg. Because the skill can place outbound calls and launch campaigns, overbroad activation increases the chance of unintended external actions, charges, and disclosure of contact data to a third-party service.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill enables sensitive operations—outbound calling, campaign launches, transcript retrieval, analytics access, and webhook-based event sharing—without documenting consent, privacy, or security warnings. In this context, missing safeguards are dangerous because the actions involve telephony, personal data, and call content that may be regulated or highly sensitive.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The API reference describes outbound calling, transcript retrieval, campaign execution, and webhook delivery of call metadata/content, all of which involve privacy-sensitive personal data such as phone numbers, summaries, and potentially conversation content. In a voice-calling skill, omission of explicit privacy, consent, retention, and secure-handling guidance increases the likelihood that downstream integrators will collect or transmit regulated data without appropriate safeguards.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The examples include realistic personal data fields such as phone numbers, names, email addresses, policy numbers, and transcript content, but provide no warning that these are sensitive and should be handled securely. Because this skill is specifically for voice campaigns and call analytics, such examples can normalize unsafe treatment of PII and lead developers to log, store, or forward customer data insecurely.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Basic outbound call
curl -X POST "https://api.ringg.ai/v1/calls/outbound" \
  -H "Authorization: Bearer $RINGG_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
91% confidence
Finding
curl -X POST "https://api.ringg.ai/v1/calls/outbound" \ -H "Authorization: Bearer $RINGG_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "assistant_id": "<assistant-id>", "to_numb

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Basic outbound call
curl -X POST "https://api.ringg.ai/v1/calls/outbound" \
  -H "Authorization: Bearer $RINGG_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
91% confidence
Finding
https://api.ringg.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
Trigger a batch calling campaign for multiple contacts.

```bash
curl -X POST "https://api.ringg.ai/v1/campaigns/launch" \
  -H "Authorization: Bearer $RINGG_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
90% confidence
Finding
https://api.ringg.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Recent call history
curl -X GET "https://api.ringg.ai/v1/calls/history?limit=20" \
  -H "Authorization: Bearer $RINGG_API_KEY"

# Analytics for a time range
Confidence
86% confidence
Finding
https://api.ringg.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
-H "Authorization: Bearer $RINGG_API_KEY"

# Analytics for a time range
curl -X GET "https://api.ringg.ai/v1/analytics?from=2026-02-01&to=2026-02-06" \
  -H "Authorization: Bearer $RINGG_API_KEY"
```
Confidence
86% confidence
Finding
https://api.ringg.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
### 6. Get Call Transcript

```bash
curl -X GET "https://api.ringg.ai/v1/calls/{call_id}/transcript" \
  -H "Authorization: Bearer $RINGG_API_KEY"
```
Confidence
95% confidence
Finding
https://api.ringg.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
2. Configure the webhook URL in Ringg AI dashboard or via API:
   ```bash
   curl -X POST "https://api.ringg.ai/v1/webhooks" \
     -H "Authorization: Bearer $RINGG_API_KEY" \
     -H "Content-Type: application/json" \
     -d '{
Confidence
96% confidence
Finding
https://api.ringg.ai/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal