Voice Reminder

v1.0.0

Use when user wants to make an outbound call or send a voice reminder, including delayed calls like "X分钟后给XX打电话" or "通知XXX做YYY". Also trigger on general noti...

⭐ 0· 45·0 current·0 all-time

by@smallkeyboy

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for smallkeyboy/voice-reminder.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Voice Reminder" (smallkeyboy/voice-reminder) from ClawHub.
Skill page: https://clawhub.ai/smallkeyboy/voice-reminder
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install voice-reminder

ClawHub CLI

Package manager switcher

npx clawhub@latest install voice-reminder

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

high confidence

ℹ

Purpose & Capability

Name/description map to making outbound calls and scheduling reminders, and the code implements that. However the implementation embeds a hardcoded BASE_URL and several hardcoded task/user IDs rather than using a configurable credential; that is unexpected but plausibly an internal integration. The hardcoded contacts and phone numbers are consistent with the stated purpose.

Instruction Scope

SKILL.md instructs the agent to run the included Python scripts, which is consistent, but the scheduler script spawns shell background jobs with subprocess.Popen(..., shell=True) using user-controlled 'contact' and 'phone_content' values. This creates a command injection risk. The scripts also read/write scheduled_tasks.json and send phone numbers and message content to an external HTTP API — both are beyond ephemeral in-memory activity and warrant scrutiny.

ℹ

Install Mechanism

This is instruction-only for install (no install spec). The skill includes Python scripts that require a Python interpreter and the 'requests' library; no packaging/install guidance is provided, so runtime failures are possible. Lack of an install spec is low-risk in itself but means dependencies are not enforced.

Credentials

The skill requests no environment variables or credentials, but it transmits personally identifiable data (phone numbers and message text) to an external host (https://cljy.51znyx.com). There are hardcoded task and user IDs in the code — unusual to see identifiers baked in without explanation. Even though no secrets are required, the skill will send user-supplied content off-host, which may be disproportionate if the user did not expect an external service call.

Persistence & Privilege

The scheduler creates persistent effects: it writes/updates scheduled_tasks.json on disk and launches background shell processes (sleep ... &), which will continue outside the agent's immediate runtime. This grants the skill the ability to run long‑lived subprocesses on the host and accumulate persistent state.

What to consider before installing

This skill appears to implement outbound/scheduled calls, but review before installing. Key points to consider: - It sends phone numbers and message text to https://cljy.51znyx.com/marketservice/aisp/addSingleTask (hardcoded). If you are not comfortable with that domain receiving PII, do not install. - The scheduler builds and runs a shell command with user-controlled fields using shell=True (sleep + python ... '&'). This is vulnerable to command injection if untrusted text reaches the script; sanitize or avoid running on systems where untrusted input can be passed. - The scripts write scheduled_tasks.json in the repository/workspace — consider privacy and retention of contact data. - There is no install spec; the environment must have Python and the 'requests' package available. The code includes hardcoded task/user IDs instead of a documented API key or config. Recommendations: 1) Inspect and/or host the code yourself; change BASE_URL/IDs or require configurable credentials; do not rely on hardcoded identifiers. 2) Replace shell-based backgrounding with a safer scheduler (e.g., use an agent scheduler, multiprocessing, or subprocess without shell and with properly quoted arguments), and validate/escape all user-provided strings. 3) Confirm the trustworthiness and privacy policy of the external endpoint before allowing the skill to run with real phone numbers. 4) If you must use it but want safer operation, run it in an isolated environment (container) and remove or sandbox network access to the external domain.

Like a lobster shell, security has layers — review code before you run it.

latestvk978d9zjcj5sr7w10etzbb55r985h6k9

45downloads

0stars

1versions

Updated 2d ago

v1.0.0

MIT-0

OpenClaw 外呼技能

调用 /aisp/addSingleTask 接口发起外呼任务。支持通讯录查找、延时外呼、定时任务调度。

通讯录

姓名	别名	号码
季天雄	天雄	15345602935
何天龙	天龙	15655170806

使用方式

方式一：立即外呼

python "$SKILL_DIR/scripts/main.py" "<CONTACT>" "<CONTENT>" <DELAY_SECONDS>

示例：

python scripts/main.py "天龙" "来开会" 0

方式二：智能定时外呼（推荐）

支持自然语言指令，自动解析时间和内容：

python "$SKILL_DIR/scripts/schedule_call.py" "<指令>"

支持的指令格式：

通知天龙三分钟后去吃饭
让天雄一小时后去睡觉
通知天龙明天下午来公司
通知天雄今天晚上开会

时间表达式：

X分钟后 / 几分钟后
X小时后 / 一小时后 / 两小时后
明天下午 / 明天上午 / 明天早上
今天晚上 / 今晚

示例：

python scripts/schedule_call.py "通知天龙三分钟后去吃饭"

3. 汇报结果

脚本会输出 JSON 格式的任务信息。调用者（Agent）必须使用 message 工具将结果发送给用户。

输出格式示例：

{
  "version": "3.0",
  "messageId": "dispatch_20260425195701",
  "timestamp": 1777118221519,
  "messages": [
    {
      "recipient": {
        "type": "shrimp",
        "phone": "15345602935"
      },
      "content": {
        "type": "text",
        "text": "去睡觉"
      }
    }
  ]
}

返回码说明

retCode	说明
`000000`	提交成功
`200001`	任务不存在（taskId/consumerId 不匹配）
`300001`	参数校验失败（phones 为空）
`000001`	操作失败
`999999`	系统异常

Comments

Loading comments...