Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Tour Booking
v0.1.0Sub-agent for outbound listing-office calls to request and confirm property showing slots using a provided call script and structured payloads. Use when a pa...
⭐ 0· 618·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's code and docs clearly implement outbound phone calls via ElevenLabs (preparing payloads, placing calls, parsing results) which is coherent with the name/description. However the registry metadata lists no required environment variables or primary credential, while the code and references explicitly require ELEVENLABS_API_KEY and ELEVENLABS_AGENT_ID for live calls. That metadata omission is an inconsistency and reduces transparency.
Instruction Scope
SKILL.md runbook is narrow and actionable: build a payload from a job file, run a dry-run or live call, then parse results. The instructions do not ask the agent to read unrelated system files or credentials. They do rely on files placed in /tmp (job/payload/result), which is expected for this kind of tool.
Install Mechanism
No install spec (instruction-only with bundled scripts). No remote downloads or package installs are performed by the skill; script files are included in the bundle. This is low install risk.
Credentials
Live operation requires ELEVENLABS_API_KEY and ELEVENLABS_AGENT_ID (and optionally ELEVENLABS_OUTBOUND_URL) which are reasonable for a third-party voice service, but the skill metadata does not declare them. The skill will send PII (client name, address, office phone, metadata) to the external ElevenLabs endpoint; the endpoint URL is overrideable via ELEVENLABS_OUTBOUND_URL, which if misconfigured could redirect PII to an arbitrary server. These facts should be disclosed before assigning credentials.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide config changes. It does not attempt to persist credentials or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other high-privilege settings.
What to consider before installing
This skill implements outbound phone calls and will send job data (client name, address, phone, timezone and other metadata) to ElevenLabs when run in live mode. The bundle and SKILL.md do not declare the two required env vars (ELEVENLABS_API_KEY and ELEVENLABS_AGENT_ID) in the registry metadata — that mismatch reduces transparency. Before enabling live calls: 1) Keep to dry-run mode for testing. 2) Review the included scripts (prepare_call_payload.py and place_outbound_call.py) yourself to confirm what fields are sent. 3) Only provide ELEVENLABS credentials in a secure environment, and consider using credentials with limited scope. 4) Do not set ELEVENLABS_OUTBOUND_URL to an untrusted endpoint (it can redirect where PII is sent). 5) If you need higher assurance, ask the publisher to update the registry metadata to declare required env vars and provide an authoritative homepage/source, or run the skill in an isolated environment first.Like a lobster shell, security has layers — review code before you run it.
callingvk974mfb5fpjvpv6yzkbfbra5zn816j3tlatestvk974mfb5fpjvpv6yzkbfbra5zn816j3treal-estatevk974mfb5fpjvpv6yzkbfbra5zn816j3t
License
MIT-0
Free to use, modify, and redistribute. No attribution required.