Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Google Voice Caller

v1.2.1

Automate Google Voice calls with AI-generated voice (TTS) or local audio injection.

Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description, SKILL.md, and code align: Puppeteer-driven Chromium + ffmpeg + TTS/audio injection to drive voice.google.com is coherent with an automated caller. However, the skill ships a full google_voice_cookies.json file (session cookies) inside the repository — that is not required to describe the capability and is disproportionate and dangerous. The code also supports GV_COOKIE_PATH via env but the skill declares no env requirements.
Instruction Scope
Runtime instructions and engine.js explicitly read a cookie file, set cookies into the headless page, navigate to voice.google.com, click UI to place calls, inject a fake-audio file, and capture recorded audio into /tmp. Those actions are directly tied to the stated purpose, but the instructions/docs ask the user to 'place google_voice_cookies.json' while the repository already contains one — this contradicts the 'keep cookies secure' guidance and widens the attack surface. The engine captures audio in-page and writes it to /tmp, but does not show exfiltration to external servers.
Install Mechanism
No install spec is provided (instruction-only), which is lower risk. The skill expects puppeteer-core, chromium, and ffmpeg — reasonable for the functionality. There is no remote download/install URL in the package, so installation risk is limited to the usual Node/native dependencies. Note: the package includes node code but no package.json; consumers must ensure dependencies are installed correctly.
Credentials
The package bundles google_voice_cookies.json containing many Google session cookies (APISID, SID, HSID, etc.). Requesting or embedding full session cookies is disproportionate compared to the declared requirements (the SKILL.md says to provide your own cookies but the repo includes them). The code will use those cookies by default (or GV_COOKIE_PATH if set), granting whoever runs the skill immediate authenticated access to the associated Google account. No other env secrets are declared, but GV_COOKIE_PATH is referenced without being documented as required.
Persistence & Privilege
The skill is not force-enabled (always:false) and is user-invocable, which is normal. However, autonomous invocation plus included account cookies increases blast radius: an agent could autonomously place calls using the embedded account. The Chromium launch disables sandboxing (--no-sandbox) which weakens process isolation and is an additional operational risk.
Scan Findings in Context
[embedded-credentials-google-cookies] unexpected: The repository contains google_voice_cookies.json with numerous Google authentication cookies (APISID, SID, HSID, __Secure-*, etc.). Bundling session cookies is not expected or necessary for a caller plugin and effectively ships credentials. This is a high-risk practice — the skill should require the user to supply their own credentials/cookies (or use an official auth flow) and should not include live cookies in the package.
What to consider before installing
Do not install or run this skill as-is. The package contains a google_voice_cookies.json file with session cookies that grant access to a Google account; using it could let whoever controls the cookies make calls, incur charges, or access account data. Before using this skill:

  1. Remove the bundled google_voice_cookies.json and never run code with unknown session cookies.
  2. Prefer an official auth flow or supply your own credentials/cookies from an account you control, and verify their provenance.
  3. Run the skill in an isolated environment (not as root) and ensure Chromium's sandbox is available; avoid --no-sandbox if possible.
  4. Audit lib/engine.js for any outbound network calls or exfiltration and confirm recordings are stored only where you expect.
  5. Consider legal/privacy implications of automated calling and recording in your jurisdiction.

If you cannot verify the cookie ownership and intent of the publisher, treat this package as unsafe and avoid installing it.

Like a lobster shell, security has layers — review code before you run it.

latestvk977d76bjzj7bqr88p98nwb65h83e1ra
154 downloads
0 stars
4 versions
Updated 3w ago
v1.2.1
MIT-0

google-voice-caller 📞



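Simplified Chinese

A "black tech" plugin that gives your OpenClaw Agent the ability to place physical outbound calls. It drives the Google Voice web client directly through a headless browser (Puppeteer) to make low-cost, automated voice calls.

✨ Core Features

  • Automated dialing: supports calling numbers worldwide (subject to Google Voice rates).
  • Audio injection: feeds AI-generated speech (TTS) or a local .wav file directly into the call, so the other party hears it as soon as they answer.
  • Natural-language interaction: just tell the Agent "Call my owner and say the meeting has started" to trigger it automatically.
  • Persistent session: uses cookie injection, so there is no need to log in and verify repeatedly.

🛠️ Prerequisites

  1. Google Voice account: with sufficient balance in the account (for calling non-US/Canada numbers).
  2. Environment dependencies: chromium, ffmpeg, puppeteer-core
  3. Authentication: have google_voice_cookies.json ready in the skill directory

🚀 Quick Start

"Call +8615912345678 and tell him the document is finished."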


English

A powerful plugin that grants your OpenClaw Agent the ability to make physical phone calls. It drives the Google Voice web interface via a headless browser (Puppeteer), enabling low-cost, automated voice communication.

✨ Key Features

  • Automated Dialing: Supports global calling (following Google Voice rates).
  • Audio Injection: Directly inject AI-generated voice (TTS) or local .wav files into the call stream.
  • Natural Language Interaction: Just say "Call my boss and tell him I'm on my way" to trigger the action.
  • Persistent Session: Uses cookie injection to skip repetitive login verifications.

🛠️ Prerequisites

  1. Google Voice Account: Ensure sufficient balance for non-US/Canada calls.
  2. Environment: chromium, ffmpeg, puppeteer-core.
  3. Auth: Place google_voice_cookies.json in the skill directory.

🚀 Quick Start

"Call +1234567890 and say the report is ready."


⚙️ Parameters

| Parameter | Required | Default | Description |
|---|---|---|---|
| --number | | - | Target number (E.164 format) |
| --text | | - | Text to speak (Auto TTS) |
| --audio | | - | Local audio path (.wav) |
| --duration | | 60 | Call duration in seconds |

⚠️ Security & Privacy

  • Keep your google_voice_cookies.json secure.
  • Comply with local laws. Do NOT use for harassment or illegal activities.

Author: Joe & OpenClaw Assistant
License: MIT
