OpenClaw Phone Receipt

Review

Audited by ClawScan on May 10, 2026.

Overview

The phone-call automation is mostly purpose-aligned, but it also directs Telegram summary delivery and changes completion-call behavior without clearly scoped messaging details.

Install only if you want persistent phone receipt automation and understand that successful non-urgent tasks may be summarized via Telegram. Before use, configure your own TO_NUMBER, protect the ElevenLabs/Twilio credentials, and confirm whether completion calls or only failure/urgent calls are intended.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private task details could be sent through Telegram when the user expected only phone receipt behavior or local completion handling.

Why it was flagged

This creates an external messaging path for task summaries, but the artifacts do not define the Telegram account, recipient, credential source, or what summary content is safe to send.

Skill content

All other non-urgent successful tasks: - send Telegram text summary only (no phone call). ... use message delivery (Telegram text) as default receipt path.

Recommendation

Require explicit user opt-in for Telegram delivery, declare the Telegram capability/configuration, identify the recipient, and limit or redact summary content.

What this means

A user who asks to be called after completion may not receive that call and may instead have a Telegram summary sent.

Why it was flagged

The advertised completion-call use case conflicts with the enforced default policy that disables completion calls and only calls on failure or urgent tasks.

Skill content

Use when user asks to call them after finishing/failing a task ... policy.onComplete=false ... Phone call only when: 1) task failed, OR 2) user explicitly marks task as urgent

Recommendation

Align the description and policy: either clearly state the skill is failure/urgent-only, or honor explicit completion-callback requests.

What this means

Running or automatically invoking the script can place calls and potentially incur provider costs.

Why it was flagged

The script initiates an outbound phone call through ElevenLabs/Twilio using the configured phone number and API key; this is central to the skill but is a high-impact external action.

Skill content

curl -sS -X POST "https://api.elevenlabs.io/v1/convai/twilio/outbound-call" ... -d "$payload"

Recommendation

Verify the target number and provider account before testing, and keep calls limited to explicit user-approved policy conditions.

What this means

If copied unchanged, test or policy-triggered calls may go to an unintended number.

Why it was flagged

The example environment file contains a concrete phone number rather than a blank placeholder, and the setup guide tells users to copy this file before configuring the skill.

Skill content

TO_NUMBER=+639178688896

Recommendation

Replace the sample number before any test call; the publisher should leave TO_NUMBER blank or use an obviously non-routable placeholder.

What this means

Anyone with access to the env file or shell environment could potentially use the ElevenLabs account to initiate calls.

Why it was flagged

The skill needs provider credentials and account identifiers to place outbound calls; this is expected for the integration but sensitive.

Skill content

Requires `.env.elevenlabs-call` with: - `ELEVENLABS_AGENT_ID` - `ELEVENLABS_OUTBOUND_PHONE_ID` - `TO_NUMBER` ... `ELEVENLABS_API_KEY` can come from shell env or `.env.elevenlabs-call`.

Recommendation

Use a limited-scope API key, protect the env file, avoid committing it, and rotate credentials if exposed.

What this means

A malicious or accidentally edited env file could execute shell commands when the call script runs.

Why it was flagged

The script loads the env file with shell `source`, so the file is treated as executable shell syntax rather than only parsed as key-value data.

Skill content

if [[ -f "$ENV_FILE" ]]; then ... set -a; source "$ENV_FILE"; set +a

Recommendation

Keep the env file trusted and private, or change the loader to parse only expected key-value variables.

What this means

Once enabled, later failed or urgent tasks may trigger notification behavior until the state is disabled or changed.

Why it was flagged

The skill stores persistent notification state and policy under the workspace memory directory for reuse across sessions.

Skill content

path = os.path.join(root, "memory", "phone-receipt-state.json") ... "policy": {"onComplete": False, "onFailure": True, "onUrgent": True}

Recommendation

Use `phone-receipt=off` when no longer needed and review or delete the state file if behavior is unexpected.