Outbound Phone Calls and Automated Notifications

Pass

Audited by ClawScan on May 6, 2026.

Overview

This skill appears to do what it says—place user-approved outbound calls—but it uses an ElevenLabs account and sends call details to ElevenLabs/Twilio, so users should configure and authorize it carefully.

Install only if you intend to let OpenClaw place outbound calls through your ElevenLabs/Twilio setup. Keep the API key restricted and private, verify the package/source due to the metadata mismatch, and require a clear confirmation of the phone number and message before every call.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or unauthorized invocation could call the wrong person or incur telephony/provider charges.

Why it was flagged

The skill enables an agent to initiate real outbound phone calls, but the documented workflow explicitly requires confirmation and consent before use.

Skill content

Run the call script with a phone number... python3 skills/outbound-call/call.py +1XXXXXXXXXX ... ALWAYS confirm the phone number with the user before placing a call ... NEVER place a call without explicit user consent

Recommendation

Only invoke it after confirming the exact number, recipient, purpose, and opening message with the user.

What this means

Anyone or any agent flow with access to the configured key could potentially consume account quota or place calls through the linked ElevenLabs/Twilio setup.

Why it was flagged

The script uses an ElevenLabs API key from the environment to authenticate outbound-call requests.

Skill content

API_KEY = os.environ.get("ELEVENLABS_API_KEY", "") ... "xi-api-key": API_KEY

Recommendation

Use a dedicated, least-privileged key if available, keep it out of logs and prompts, rotate it if exposed, and monitor provider usage.

What this means

Call context may contain personal, customer, appointment, billing, or other sensitive information that will be processed by the external provider.

Why it was flagged

The phone number, optional first message, and optional call context are sent to an external ElevenLabs/Twilio call workflow.

Skill content

API_URL = "https://api.elevenlabs.io/v1/convai/twilio/outbound-call" ... client_data["dynamic_variables"] = {"call_context": context}

Recommendation

Send only the minimum call context needed, avoid unnecessary sensitive details, and review ElevenLabs/Twilio retention and compliance settings.

What this means

It may be harder to confirm the exact origin or intended release of the packaged skill.

Why it was flagged

The included package metadata does not match the registry listing, which reports slug smallkeyboy-outbound-call and version 1.0.0. The code is included and reviewable, so this is a provenance/version verification note rather than evidence of unsafe behavior.

Skill content

"slug": "outbound-call", "version": "0.1.5"

Recommendation

Verify the repository or publisher before installing, especially because the skill uses a live calling account.