Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Phone Call

v1.0.5

Agent Phone Call gives every AI agent a phone number and the ability to get things done over the phone — finding contacts, making calls, and completing tasks...

by FreeFly @mrsz
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md and scripts call only PollyReach endpoints and read/write a single credentials file (~/.config/PollyReach/key.json), which is coherent with a phone-call service. However the registry metadata lists no required binaries or file permissions while the SKILL.md explicitly requires curl, jq, bc and declares read/write access to the key file — a metadata mismatch that should be corrected.
Instruction Scope
The runtime instructions and bundled scripts stay within the phone-call domain: device registration, activation polling, sending call tasks, querying completion, checking balance, retrieving inbound messages, and updating prompts. The skill does not attempt to read other user files or arbitrary environment variables in the provided scripts.
Install Mechanism
This is an instruction-only skill with local shell scripts and no remote download/install steps. The SKILL.md suggests installing jq via brew/apt; there are no archive downloads or third-party installers in the manifest.
Credentials
No platform credentials are declared in registry metadata, but the workflow requires creating and storing a long-lived token in ~/.config/PollyReach/key.json; scripts will read this token to act on behalf of the user. Storing tokens unencrypted in a home config file is common but increases risk if the machine is shared or compromised. The scripts also allow overriding the key file path with POLLYREACH_KEY_FILE, which is reasonable but worth noting.
Persistence & Privilege
The skill is not always-loaded and does not modify other skills or system-wide agent settings. Its persistent effect is storing a service token and using it to call PollyReach APIs — this is expected for the stated purpose but grants the skill the ability to act via the user's PollyReach account while the token is valid.
What to consider before installing
This skill appears to do what it says: it registers an agent with PollyReach, stores a token at ~/.config/PollyReach/key.json, and uses that token to make/receive calls and query status. Before installing:
(1) Verify you trust pollyreach.ai and understand their privacy/recording policies — the agent will operate using a third-party phone number and may capture call content.
(2) Be aware the token is stored unencrypted in your home directory; treat it like a password. Use a disposable account if you want to limit exposure.
(3) Confirm you are comfortable clicking the activation link (it ties your email/account to the service).
(4) Note the registry metadata omits the declared dependencies (curl/jq/bc) and file permissions — this inconsistency should be fixed by the publisher.
If you don't trust the publisher or the external service, do not install.


latest: vk973yjwrpjrqbbz77ec4masjjn84ya0w
