v2.0.0

KallyAI Executive Assistant (Claude Code)

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:53 AM.

Analysis

The skill is not overtly malicious, but it delegates very broad real-world actions like calls, emails, bookings, billing, messages, and outreach to a remote assistant using stored OAuth credentials, so it warrants careful review before use.

GuidanceInstall only if you are comfortable delegating real-world communications and account actions to KallyAI. Review OAuth scopes, set explicit budgets and approval expectations, use direct commands for sensitive tasks, monitor active goals and inbound rules, and log out or revoke access when finished.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

SKILL.md

Routes through coordination AI. Creates goals, makes calls, sends emails — whatever is needed.

The recommended natural-language command can trigger external communications and actions through an AI router, but the runtime instructions do not require explicit confirmation before each high-impact action.

User impactA broad or ambiguous request could result in real phone calls, emails, bookings, outreach, or other account-affecting actions being initiated.

RecommendationUse this only with clear, specific requests; require confirmation before outbound calls, emails, purchases, bookings, bill handling, or outreach; prefer direct commands when possible.

Cascading Failures

SeverityMediumConfidenceHighStatusConcern

references/api-reference.md

Send a natural language message to the coordination AI. Automatically creates goals and dispatches actions.

The API reference shows that one natural-language message can create goals and dispatch follow-on actions, which can propagate a mistaken instruction across multiple tasks or channels.

User impactOne incorrect or overbroad prompt could cascade into multiple calls, messages, bookings, or sub-goals before the user reviews every step.

RecommendationSet budgets and approval checkpoints, monitor active goals, and cancel or cascade-cancel unwanted goals promptly.

Rogue Agents

SeverityMediumConfidenceHighStatusNote

SKILL.md

Inbound — View incoming calls, manage routing rules, voicemails, contacts

Inbound receptionist and routing features are disclosed and purpose-aligned, but they can continue affecting incoming calls after initial setup.

User impactPersistent routing or receptionist settings could keep handling calls in ways the user later forgets or no longer wants.

RecommendationRegularly review inbound rules, forwarding, voicemail, and receptionist settings; disable or remove them when no longer needed.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceMediumStatusNote

metadata

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

The package includes runnable scripts but has limited provenance and no formal install recipe, which makes verification and repeatable setup harder.

User impactUsers have less external provenance information for deciding whether to trust the included CLI code.

RecommendationInspect the included scripts before use, install dependencies from trusted sources, and prefer a verified project homepage or repository if available.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

references/api-reference.md

`calls:write` | Make and manage phone calls ... `actions:write` | Create calendar events, bookings, etc. ... `email:write` | Send emails, manage accounts ... `billing:manage` | Access billing portal

The documented OAuth scopes include broad delegated authority over communications, bookings/actions, email management, and billing.

User impactIf the account grants broad scopes, the skill can act with substantial authority over the user's communications, appointments, and billing-related workflows.

RecommendationReview the OAuth consent screen and granted scopes, use the least-privileged account available, and log out or revoke access when not needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusNote

references/api-reference.md

Get Conversation History ... List Conversations ... `transcripts:read` | Read call transcripts ... `recordings:read` | Access call recordings

The service stores or exposes conversation history, goals, transcripts, and recordings, which are expected for an executive assistant but may contain sensitive personal or business context.

User impactSensitive instructions, call contents, inbox items, or recordings may be available through the KallyAI account and reused in later workflows.

RecommendationAvoid sending unnecessary secrets or highly sensitive data, review stored histories/transcripts, and confirm the provider's retention and deletion controls.