ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sip Voice Call Control

v1.0.0

Voice interface using Telnyx Call Control API. Answer phone calls with AI, function calling, and natural conversation. Use for hands-free assistant access, phone-based reminders, or voice-controlled tools. Requires Node.js and Telnyx API key.

1· 1.2k·1 current·2 all-time
by@teamtelnyx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (Telnyx SIP voice control) mostly align with the code: it uses the Telnyx API, implements webhook handlers, STT/TTS, and function-calling tools. However, the code also expects/uses local gateway tooling and may run local CLI commands (openclaw/clawdbot/moltbook) and will attempt to start a cloudflared tunnel — binaries/configs not declared in the skill metadata (cloudflared and local CLIs). These extras are plausible for cross-channel messaging and 'auto-setup' but are not proportional to what's declared in required bins/envs.
!
Instruction Scope
SKILL.md tells agents to run persistent servers (nohup), start the service, and expects the agent to run shell commands. The runtime code reads workspace files (IDENTITY.md, USER.md) which the doc mentions, but it also reads user home config files (~/.openclaw/openclaw.json and ~/.clawdbot/clawdbot.json) to extract a gateway URL/token — this is not declared under required config paths. The code will execute local CLIs and child processes to perform tools (send_message, add_reminder, etc.), which grants the skill the ability to run arbitrary commands via the host CLI stack; the SKILL.md does not clearly warn about reading home-configs or executing arbitrary local tooling.
Install Mechanism
There is no formal install spec (instruction-only install via npm). package.json lists reasonable dependencies (express, telnyx, openai). The tunnel manager spawns the cloudflared binary but cloudflared is not listed among required binaries in metadata or SKILL.md; that mismatch means the code may fail or silently try to start a binary that isn’t present. No remote downloads or obscure URLs are used in the included files.
!
Credentials
Declared required env is a single TELNYX_API_KEY (appropriate). But the code also reads/uses other environment values and local config files (WORKSPACE_DIR, HOME, ~/.openclaw/openclaw.json, ~/.clawdbot/clawdbot.json) to obtain gateway URL and gateway auth token — effectively reading unrelated credentials from the host. That access is not disclosed in the metadata (required config paths = none) and expands the blast radius beyond Telnyx.
!
Persistence & Privilege
The skill requires persistent background execution (SKILL.md instructs using nohup or a process manager) and will open an inbound webhook by creating a public tunnel and updating/creating Telnyx Call Control Applications (using the provided TELNYX_API_KEY). While always:false and autonomous invocation are normal, the combination of persistent network exposure (cloudflared tunnel), ability to create/modify Telnyx apps, and potential access to gateway tokens and local CLIs elevates privilege and risk — especially if run on a machine with sensitive local configs or credentials.
What to consider before installing
This skill is plausible for Telnyx voice handling, but it does a few surprising things you should evaluate before installing: - Review the code yourself (src/tunnel.ts and src/dev.ts). It will attempt to start a cloudflared tunnel and create/update Telnyx Call Control Applications using your TELNYX_API_KEY — that will publish a webhook URL and may create SIP subdomains in your Telnyx account. - The skill reads workspace files (IDENTITY.md, USER.md) and also tries to read ~/.openclaw/openclaw.json and ~/.clawdbot/clawdbot.json to obtain a gateway URL and token. If you have other agent/CLI tools installed, this could allow the skill to use existing gateway credentials. If those files contain tokens for other services, consider running the skill in an isolated environment (container/VM) or remove/rotate those tokens first. - The code spawns local CLIs and arbitrary child processes to implement tools (send_message, reminders). Only run it on machines where you trust installed command-line tools; do not run on machines with sensitive credentials/configs. - The metadata omitted cloudflared and local CLI requirements. Ensure cloudflared is installed if you expect automatic tunneling, or disable the tunnel and provide a manually configured publicly reachable webhook. - Least-privilege advice: give the TELNYX_API_KEY only the minimum permissions needed (voice/call-control), and avoid running on hosts that contain other service tokens. Prefer testing in an isolated environment first and inspect logs and network traffic (or audit code) before deploying to production.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ac15wz3kytpk88t18aycq4980xeap

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📞 Clawdis
Binsnode, npm
EnvTELNYX_API_KEY
Primary envTELNYX_API_KEY

Comments