Vapi AI

Manage Vapi voice assistants, calls, phone numbers, tools, and webhooks via the Vapi REST API or CLI for voice agent operations and integrations.

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 1.1k · 4 current installs · 4 all-time installs

by@colygon

MIT-0

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The skill's stated purpose (manage Vapi assistants, calls, phone numbers, tools, webhooks) matches the included helper script and API endpoints. However, the registry metadata claims no required environment variables while SKILL.md and the helper script both require VAPI_API_KEY (and optionally VAPI_MODE and VAPI_BASE_URL). This metadata mismatch is likely an oversight but is an incoherence the buyer should be aware of.

ℹ

Instruction Scope

SKILL.md confines runtime actions to calling Vapi's REST API or using the Vapi CLI. The instructions do not ask the agent to read unrelated local files or exfiltrate arbitrary data. They do, however, recommend piping an install script from the network (see install mechanism), which broadens scope implicitly by running external code.

Install Mechanism

There is no formal install spec in the registry, but the README/SKILL.md suggests running curl -sSL https://vapi.ai/install.sh | bash to install the CLI. Download-and-execute-from-network is higher risk — you should inspect that install script's contents or prefer verified package sources before running it. The included helper (bin/vapi-api.mjs) itself is small and readable.

Credentials

Functionality reasonably requires one credential: VAPI_API_KEY, which SKILL.md documents. That is proportionate. But the registry metadata lists no required env vars (incoherent). SKILL.md also references VAPI_MODE and VAPI_BASE_URL for configuration; ensure only the API key is provided to the skill and that it's stored as a gateway secret rather than pasted into logs. No other unrelated credentials are requested.

✓

Persistence & Privilege

The skill does not request always:true, does not modify other skills or global agent settings, and does not request persistent system privileges. Autonomous invocation is allowed (platform default) but not combined with other high-risk flags.

What to consider before installing

This skill appears to be a straightforward Vapi API integration with a small helper script, but: 1) the registry metadata omits the required VAPI_API_KEY — plan to provide that key as a secure gateway secret (don't paste it into public logs); 2) avoid blindly running curl | bash from https://vapi.ai/install.sh — fetch and inspect the installer first or install from a verified package source (GitHub release or package manager) if available; 3) review bin/vapi-api.mjs (it's small and readable) to confirm it only calls the Vapi API; and 4) if you need stronger assurance, request the publisher update the registry metadata to list VAPI_API_KEY and provide a vetted install mechanism or a link to a specific, auditable release.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.0

Download zip

latestvk971gp342dsq2peg3vbhdx2z9x80ssag

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Vapi (vapi.ai) — OpenClaw Skill

Use this skill when you need to manage Vapi voice agents (assistants), calls, phone numbers, tools, and webhooks from an OpenClaw agent.

This skill is API-first (Vapi REST) and optionally integrates with the Vapi CLI for MCP docs / local workflows.

What you can do

Create/update/list assistants
Start/inspect/end calls
Manage phone numbers
Create/manage tools (function calling)
Configure webhooks and inspect events

Required secrets

Set one of:

VAPI_API_KEY (recommended) — Vapi dashboard API key.

How to provide the key (recommended)

Store as a Gateway secret/env var (preferred), or
Export in your shell before running helper scripts.

Never paste the key into public logs.

Endpoints

Base URL:

https://api.vapi.ai

Auth:

Authorization: Bearer $VAPI_API_KEY

API reference:

https://api.vapi.ai/api (Swagger)

Tooling options

This skill supports both approaches; you can decide later per deployment.

Set VAPI_MODE=api to prefer REST (default)
Set VAPI_MODE=cli to prefer the Vapi CLI (interactive)

Option A — REST via helper script (works everywhere)

This repo includes a tiny Node helper:

skills/vapi/bin/vapi-api.mjs

Examples:

# list assistants
VAPI_API_KEY=... node skills/vapi/bin/vapi-api.mjs assistants:list

# create assistant
VAPI_API_KEY=... node skills/vapi/bin/vapi-api.mjs assistants:create \
  --name "Claw Con Concierge" \
  --modelProvider openai --model gpt-4o-mini \
  --voiceProvider 11labs --voiceId rachel

# start an outbound call (example shape; see swagger for required fields)
VAPI_API_KEY=... node skills/vapi/bin/vapi-api.mjs calls:create \
  --assistantId asst_xxx \
  --to "+14155551234" \
  --from "+14155559876"

Option B — Vapi CLI (good for interactive ops)

If VAPI_MODE=cli, prefer using the CLI for management tasks and fall back to REST if the CLI isn’t installed.

Docs:

Install:

curl -sSL https://vapi.ai/install.sh | bash
vapi login

Option C — MCP docs server for your IDE

This improves IDE assistance (Cursor/Windsurf/VSCode):

https://docs.vapi.ai/cli/mcp

vapi mcp setup

Agent usage guidance

When the user asks for Vapi changes:

Clarify scope: assistants vs phone numbers vs webhooks vs tool calls.
Prefer read-only queries first (list/get) before destructive changes.
When creating an assistant, ask for:
- assistant name
- model provider/model
- voice provider/voice id
- tools/function calling needs
- webhook URL (if using server events)
When initiating calls, confirm:
- to/from numbers
- assistantId
- compliance constraints (recording, consent)

Files in this skill

skills/vapi/SKILL.md — this file
skills/vapi/bin/vapi-api.mjs — minimal REST helper

Sources

Vapi docs intro: https://docs.vapi.ai/quickstart/introduction
Vapi CLI: https://github.com/VapiAI/cli
Vapi MCP: https://docs.vapi.ai/cli/mcp
Vapi API (Swagger): https://api.vapi.ai/api
Example server (Node): https://github.com/VapiAI/example-server-javascript-node
OpenClaw: https://github.com/openclaw/openclaw

Files

3 total

Select a file

Select a file to preview.

Comments

Loading comments…