Back to skill
Skillv1.0.0
VirusTotal security
Sip Voice Call Control · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:41 AM
- Hash
- 0211f579b803cbe93eb4b3bd9ca9a2a9acfbf9f8e6066f6622d07624b61c27a0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: telnyx-voice-sip Version: 1.0.0 The skill is classified as suspicious due to several vulnerabilities that could be exploited for unauthorized actions. Specifically, the `addReminder` function in `src/dev.ts` constructs a shell command using user-provided input (`time` parameter) without sufficient sanitization, posing a shell injection risk. Additionally, the `sendMessage` function in `src/dev.ts` forwards user-controlled content as a prompt to a local gateway agent, creating a prompt injection vector against that agent. Finally, the `loadPersonalization` function in `src/dev.ts` incorporates content from `IDENTITY.md` and `USER.md` directly into the voice LLM's system prompt, presenting a prompt injection risk if these files are compromised.
- External report
- View on VirusTotal