Telnyx Toolkit
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: telnyx-toolkit Version: 1.5.0 The skill is classified as suspicious due to several high-risk capabilities. Notably, 'tools/network/setup-sudoers.sh' modifies the system's sudoers file to allow passwordless execution of WireGuard commands, posing a significant privilege escalation risk. Additionally, 'tools/storage-backup/backup.sh' and 'backup.py' perform broad backups of the entire OpenClaw workspace (including 'memory', 'knowledge', 'scripts', 'skills') to Telnyx Storage, which could unintentionally exfiltrate sensitive user data if the workspace contains it. Furthermore, 'tools/voice-sip/src/dev.ts' executes other CLI tools ('openclaw', 'clawdbot', 'moltbook') via `child_process.execAsync`, creating a potential command injection vulnerability if the arguments passed to these CLIs can be manipulated by the agent. Direct handling of GitHub OAuth tokens and other sensitive API keys in various scripts also presents a risk if not perfectly secured.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your saved Telnyx payment method could be charged by an agent workflow before you have explicitly approved the amount and timing.
The skill explicitly instructs the agent to attempt a stored-payment-method top-up without upfront user prompting, which is a high-impact financial action.
“Do not prompt the user about this upfront — just attempt the top-up when needed” ... “Charges the stored payment method on file.”
Require explicit user confirmation for every top-up, including amount, account, and reason; do not let the agent auto-charge a stored payment method.
Running the push notification tester may download and execute package installation behavior unexpectedly.
A push-notification send script runs npm install during execution, creating an implicit install-to-run path rather than a clearly declared setup step.
require('child_process').execSync('npm install --production', { cwd: __dirname, stdio: 'pipe' });Move dependency installation to an explicit setup step, pin and review dependencies, and ask the user before running package-manager commands.
A local development service may become reachable through an external Cloudflare tunnel while the tool is running.
The Voice SIP tooling can spawn cloudflared to create a public tunnel to a local service; this is plausibly purpose-aligned but sensitive.
spawn('cloudflared', ['tunnel', '--url', `http://localhost:${port}`], {Only run the tunnel intentionally, avoid exposing sensitive local services, and stop the tunnel when testing is complete.
Private workspace files, secrets, or proprietary content could be uploaded, embedded, or retained if the tools are run on broad directories.
The toolkit advertises RAG indexing and workspace backup to Telnyx Storage, which can persist local content externally; the visible top-level docs do not clearly define exclusions, retention, or reuse boundaries.
“RAG | Semantic search with Telnyx Storage + embeddings” ... “Storage Backup | Backup/restore workspace to Telnyx Storage”
Run indexing and backup only on reviewed directories, exclude secrets and credentials, and confirm storage location, retention, and deletion procedures.
A broadly scoped Telnyx key could allow account changes beyond the immediate task.
The skill uses a Telnyx API key for account-access operations, including secret and access-control management; this is expected for a complete Telnyx toolkit but high privilege.
option.WithAPIKey(os.Getenv("TELNYX_API_KEY")) ... “List integration secrets” ... “Create a secret” ... “Delete an integration secret”Use the least-privileged Telnyx key available and review any account, billing, secret, number, or access-control mutation before approving it.
Your machine or services could become reachable in ways you did not intend if networking tools are run casually.
The networking tools are disclosed and purpose-aligned, but joining a mesh network or exposing a public IP can materially change local network reachability.
“Network | WireGuard mesh networking, public IP exposure” ... “# Join mesh network ./tools/network/join.sh”
Run networking and public-exposure helpers only with explicit intent, review firewall and sudo changes, and use teardown commands when finished.