OpenClaw Phone Receipt

Security checks across malware telemetry and agentic risk

Overview

The skill’s phone-call behavior is mostly disclosed, but it also tells the agent to send Telegram task summaries without enough setup, consent, or scoping detail.

Install only if you want persistent notification automation and are comfortable reviewing the Telegram behavior first. Before enabling it, confirm who receives Telegram summaries and what task details may be included, protect the ElevenLabs/Twilio env file, replace the sample phone number, and use phone-receipt=off when notifications should stop.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 85%
Finding
The skill's body expands behavior beyond phone receipt management by directing the agent to send Telegram summaries for non-call cases, while the manifest advertises only phone receipt functionality. This scope drift can cause the agent to invoke an undeclared external delivery channel and transmit task information to a service the user did not explicitly authorize in the skill description.

Intent-Code Divergence

Severity: Medium
Confidence: 87%
Finding
The setup document's runtime policy says calls should occur only on task failure or urgent events, while the skill metadata says it should be used for completion and failure notifications and for persistent toggles across sessions. This mismatch can cause operators or downstream agents to configure broader calling behavior than the documented policy intends, leading to unexpected outbound calls, privacy issues, and policy bypass through ambiguous instructions.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The skill persists phone receipt behavior across sessions in a memory file without warning that it stores user notification preferences over time. Even if the stored data is limited, persistence of communication preferences can reveal behavioral patterns and may outlast the user's expectations, especially in shared or multi-user environments.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill describes outbound phone calls via ElevenLabs/Twilio and Telegram summaries without an explicit warning that user phone numbers, task status, and possibly task-related content may be transmitted to third-party services. This is dangerous because sensitive operational or personal information could leave the local environment without informed consent, and the combination of voice and messaging channels increases the exposure surface.

VirusTotal

66/66 vendors flagged this skill as clean.