v1.0.1

OpenClaw Phone Receipt

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:31 AM.

Analysis

This skill is review-worthy because it can persist a phone-callback policy across sessions and also instructs sending task summaries through Telegram without clear recipient or data limits.

Guidance: Install only if you want persistent phone-receipt automation. Before enabling it, verify the target phone number, protect the ElevenLabs/Twilio credentials, decide whether future sessions should be allowed to call automatically, and disable or clarify the Telegram summary path unless you explicitly want task summaries sent there.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
If user asks for callback on completion/failure, set `enabled=true`... Persist state to `memory/phone-receipt-state.json`.

A callback request is converted into persistent enabled state, which can keep affecting future sessions rather than being limited to the current task.

User impact: A user who intended a one-time callback could later receive automated phone calls for failed or urgent tasks without restating consent.
Recommendation: Separate one-time callbacks from persistent mode, ask explicitly before enabling cross-session behavior, and add an expiry or per-call confirmation option.
Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
scripts/trigger_call.sh
curl -sS -X POST "https://api.elevenlabs.io/v1/convai/twilio/outbound-call" ... -H "xi-api-key: ${ELEVENLABS_API_KEY}" ... -d "$payload"

The script initiates an external outbound phone call using the configured ElevenLabs credentials and target number; this is expected for the skill but has real-world impact.

User impact: Running the script can place a phone call and may consume provider quota or incur charges.
Recommendation: Confirm the target number and desired call policy before enabling the skill, and prefer explicit approval or rate limits for automatic calls.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Requires `.env.elevenlabs-call` with: `ELEVENLABS_AGENT_ID`, `ELEVENLABS_OUTBOUND_PHONE_ID`, `TO_NUMBER`; `ELEVENLABS_API_KEY` can come from shell env or `.env.elevenlabs-call`.

The skill needs provider credentials and a target phone number to operate; this is purpose-aligned but sensitive account authority.

User impact: Anyone or any process able to use those configured credentials may be able to initiate calls through the associated ElevenLabs/Twilio setup.
Recommendation: Use a narrowly scoped API key, protect the environment file, and revoke or rotate credentials if the skill is removed or shared.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
When phone is not required by policy, use message delivery (Telegram text) as default receipt path.

The skill instructs sending task summaries through an external messaging channel, but the artifacts do not define the Telegram recipient, credentials, content limits, or approval boundary.

User impact: Task details or summaries could be sent to Telegram unexpectedly, including information the user did not intend to share through that channel.
Recommendation: Make Telegram delivery an explicit opt-in, declare the required configuration, limit summary contents, and confirm the recipient before sending.