Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Amber — AI Phone Assistant & Virtual Receptionist

v5.5.7

AI phone assistant and virtual receptionist for OpenClaw. Answers inbound phone calls, screens callers, makes outbound phone calls, and books appointments —...

⭐ 5· 1.6k·2 current·2 all-time

byAbe Batthish@batthis

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

The name/description (phone assistant) matches the requested env vars and binaries: Twilio credentials, OpenAI keys, PUBLIC_BASE_URL for webhooks, node for runtime, and ical-query for calendar lookups. Native SQLite dependency and build notes are explained. Required items (TWILIO_*, OPENAI_*) are proportionate to Twilio/OpenAI integration.

ℹ

Instruction Scope

SKILL.md / AGENT.md are prescriptive and mostly scoped to phone handling: they constrain tool usage (ask_openclaw), require validated ical-query arguments, and forbid leaking internal prompts. That said, AGENT.md contains a strongly sexualized persona description and policy-like text that could be inappropriate in some deployments (not a security exploit, but a policy/UX concern). The docs claim SUMMARY_JSON metadata is stripped and handled locally — this should be validated by inspecting the runtime code (which is included).

✓

Install Mechanism

Install spec is a local Node/npm install & build of the provided runtime (runtime/). No opaque remote download URLs or archive extraction from arbitrary hosts are present in the manifest. Native build requirements for better-sqlite3 are documented (macOS Xcode license, Linux build-essential).

✓

Credentials

Required env vars are appropriate for the stated functionality (Twilio account SID/token/caller ID, OpenAI API key/project/webhook secret, PUBLIC_BASE_URL). Optional envs include gateway tokens and provider switches which are plausibly needed. The primary credential (OPENAI_API_KEY) is reasonable given the Realtime usage. No unrelated cloud provider keys (AWS, GCP) are requested.

ℹ

Persistence & Privilege

The skill runs as a persistent Node runtime and includes helper scripts for automatic restarts (dist-watcher, LaunchAgent examples). It is not marked always:true and does not auto-enable itself in ClawHub metadata; however installing and enabling will create a long-running service on the host, so operators should treat it as a service and manage its lifecycle and permissions accordingly.

Assessment

This package looks internally consistent for a Twilio + OpenAI phone assistant, but review and take these precautionary steps before deploying: 1) Inspect runtime/src (providers/twilio.ts, mcp-server.ts, router/loader) to confirm webhook handling and that SUMMARY_JSON is only parsed locally as claimed. 2) Run the setup and build on a non-production machine first; test with a throwaway Twilio number to confirm behavior. 3) Limit the scope of credentials: use project-scoped OpenAI credentials if available, and give any gateway tokens the minimum permissions needed. 4) Be aware the runtime creates a long-running process and the repo provides example LaunchAgent plumbing — only register such agents if you trust the code and its update/restart behavior. 5) Review the CRM skill's storage path (AMBER_CRM_DB_PATH default) and backups/retention; ensure sensitive transcripts and contact data are handled according to your privacy requirements. 6) Note the assistant persona in AGENT.md (flirtatious wording) may be inappropriate in some contexts — edit AGENT.md before production use. If you want higher assurance, run the runtime in an isolated host/container, audit any network calls in runtime/src/providers, and rotate keys after testing.

✗

dashboard/scripts/serve.js:70