Skill v1.0.0

ClawScan security

send-ai-voice-message-via-sms · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 24, 2026, 6:32 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's description and runtime instructions are internally consistent for producing TTS and sending an SMS with an audio link; it is instruction-only, requests no extra credentials, and doesn't ask the agent to access unrelated files or secrets — but it lacks implementation details about how audio is hosted and assumes platform-provided APIs for sending SMS/TTS, so confirm those capabilities before use.
Guidance
This skill is high-level and relies on platform-provided 'chat', 'tts', and 'sms_verification' capabilities — before installing, confirm that your agent platform will actually: 1) host the generated audio (produce a stable URL), 2) send SMS messages (and what API/credentials and sender identity are used), and 3) handle billing, rate limits, and delivery status. Also verify privacy and consent for sending SMS (store/handle phone numbers appropriately), test the workflow with non-customer numbers, and confirm regulatory compliance (e.g., local SMS/voice notification rules). If your platform does not provide built-in TTS/SMS, ask the skill author for concrete provider/credential requirements; the current SKILL.md omits these operational details.

Review Dimensions

Purpose & Capability
ok
The name/description (generate message -> TTS -> notify via SMS) matches the SKILL.md workflow and listed APIs (chat, tts, sms_verification). Nothing in the manifest asks for unrelated credentials or binaries. One minor note: sending SMS and hosting an audio link normally requires a provider or storage; the skill declares no external credentials, which is coherent if the platform supplies built-in 'tts' and 'sms_verification' services — otherwise you should expect missing dependencies.
Instruction Scope
ok
SKILL.md is instruction-only and stays on task (clarify audience, draft message, use platform capabilities, refine). It does not instruct reading local files, accessing unrelated env vars, or exfiltrating data. It is high-level and does not include concrete steps for hosting audio or the exact API calls to send an SMS, which is a scope-limitation but not a clear security issue.
Install Mechanism
ok
No install spec and no code files are present, so nothing will be written to disk or downloaded during install — lowest-risk install posture.
Credentials
ok
The skill declares no required env vars or credentials. That is proportionate only if the platform offers built-in chat/tts/sms APIs. If the platform does not provide those services, the absence of declared credentials is a missing requirement (operational gap) rather than an overbroad request. No secret-named env vars or config paths are requested.
Persistence & Privilege
ok
The skill is not marked always:true, is user-invocable, and allows normal model invocation — standard defaults. It does not request persistent system-wide changes or access to other skills' configs.