v1.0.0

Ringg Voice Agent

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:26 AM.

Analysis

The skill is a plausible Ringg integration, but it gives an agent high-impact phone-call, campaign, credential, and webhook authority with limited declared safeguards.

GuidanceReview this carefully before installing. Only use it with a least-privilege Ringg API key, require confirmation before placing calls or launching campaigns, verify all recipient lists and legal consent requirements, and configure webhooks with signing secrets and strict validation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

SKILL.md

When the user says "call +91XXXXXXXXXX" or "make a call to [name/number]", use this action. ... When the user asks to "launch a campaign", "start calling a list", or "run outbound calls for [list/segment]", use this action.

These instructions direct the agent to initiate real phone calls and bulk calling campaigns via raw API calls, but the provided artifacts do not show explicit confirmation, recipient validation, campaign-size limits, or rollback controls.

User impactA mistaken or overly broad agent action could place unwanted calls or launch a campaign to many contacts.

RecommendationRequire explicit user confirmation before every outbound call or campaign launch, show the assistant, from-number, recipients, message variables, schedule, and campaign size, and add limits or policy checks for bulk calling.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

metadata

Required env vars: none; Env var declarations: none; Primary credential: none

The registry does not declare credentials, but SKILL.md requires `RINGG_API_KEY` and `RINGG_WORKSPACE_ID`; that API key is used for calls, campaigns, assistant management, call history, analytics, transcripts, and webhooks.

User impactUsers may not realize installation grants the agent access to a Ringg workspace with authority to read call data and perform account-changing actions.

RecommendationDeclare `RINGG_API_KEY` and `RINGG_WORKSPACE_ID` in metadata, document the exact permissions needed, prefer least-privilege or action-scoped tokens, and separate read-only analytics access from call/campaign execution access where possible.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityMediumConfidenceHighStatusConcern

SKILL.md

Expose OpenClaw's webhook endpoint: `ngrok http 18789` ... OpenClaw will receive POST payloads with call events that can trigger agent actions.

The skill instructs exposing a local OpenClaw webhook endpoint to receive external POST events that may trigger agent actions, but does not clearly require signature verification, origin checks, or strict action boundaries.

User impactForged or misrouted webhook events could feed untrusted call data into the agent or trigger follow-on actions unexpectedly.

RecommendationUse signed webhooks with a required secret, validate timestamps and event origins, restrict the public tunnel, treat webhook payloads as untrusted input, and require human approval before webhook-triggered actions affect accounts or contacts.