Ringg Voice Agent
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for Ringg voice calling, but it can initiate outbound and bulk AI phone calls and expose webhook-triggered agent actions without clear confirmation or authentication safeguards.
Install only if you intend OpenClaw to operate your Ringg account. Before use, configure a least-privilege API key, require manual confirmation for every outbound call or campaign, review recipient lists carefully, and secure webhooks with signature verification rather than exposing an unauthenticated ngrok endpoint.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An ambiguous or mistaken prompt could start outbound calls or campaigns, causing cost, reputational, privacy, or legal problems.
The skill exposes high-impact API actions that can contact many third parties, but the artifact does not require explicit confirmation, recipient review, rate limits, or compliance checks before launching calls.
“Trigger a batch calling campaign for multiple contacts.” ... “When the user asks to ‘launch a campaign’, ‘start calling a list’, or ‘run outbound calls for [list/segment]’, use this action.”
Require an explicit confirmation step before any outbound call or campaign, show the full recipient list and calling agent, and enforce limits/allowlists for bulk calls.
Anyone or any agent workflow with access to the configured key may be able to operate the Ringg workspace within that key’s permissions.
A Ringg API key is expected for this integration, but it grants access to workspace actions such as calls, campaigns, assistant management, and transcripts; the registry metadata also does not declare these required credentials.
“A Ringg AI account with API access” and “RINGG_API_KEY environment variable set” plus “RINGG_WORKSPACE_ID environment variable set”.
Use a least-privilege Ringg API key, rotate it regularly, avoid embedding raw secrets in shared config, and update metadata to declare the required credential and environment variables.
If webhook requests are not authenticated, forged or unexpected events could influence agent behavior, and call status or transcript-related data could be handled through an exposed endpoint.
The webhook setup exposes a local OpenClaw endpoint and says incoming events can trigger agent actions, but the shown registration does not include a signing secret or verification requirements.
“Expose OpenClaw's webhook endpoint: ngrok http 18789” ... “OpenClaw will receive POST payloads with call events that can trigger agent actions.”
Require signed webhooks, verify signatures and event origins, restrict the exposed endpoint, and prevent webhook events from triggering high-impact actions without user approval.