Ai Calls China Phone
Review
Audited by ClawScan on May 2, 2026.
Overview
This skill appears coherent and purpose-aligned, but it can place real paid phone calls and sends phone numbers and transcripts to Stepone AI.
Install only if you trust Stepone AI and need AI outbound calling. Confirm you are legally authorized to call each number, review the call content before typing CALL, keep the API key private, and avoid putting unnecessary sensitive personal, financial, or business information into call prompts.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or unauthorized invocation could call a real person and consume paid Stepone AI credits.
The skill can initiate real outbound calls and includes a lower-level raw call path, but the documentation discloses the impact and describes explicit confirmation gates.
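This skill places real outbound phone calls and may incur call charges/platform fees...By default, the script requires you to type `CALL` before it actually dials. ...raw JSON debugging requires explicitly setting `STEPONEAI_ENABLE_RAW_CALL=1` and confirming once more by typing `RAWCALL`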
Use only for authorized calls, verify the number and call purpose before confirming, and do not bypass the CALL or RAWCALL confirmation steps.
Anyone with the API key could potentially use the Stepone AI account or credits for calls.
The script sends a user-provided Stepone AI API key to authenticate calls; this is expected for the service, with no evidence of hardcoding or unrelated credential use.
-H "X-API-Key: $STEPONEAI_API_KEY"
Set the API key only in trusted environments, avoid logging or sharing it, and rotate it immediately if exposed.
Phone numbers, call instructions, and conversation transcripts may contain personal or business-sensitive information handled by the provider.
The skill explicitly states that phone numbers, call tasks, and transcripts are sent to the external Stepone AI service.
It also sends phone numbers, outbound call tasks, and call transcripts to the Stepone AI service.
Use the skill only if you trust Stepone AI for this data, have consent/authorization for the call, and avoid including unnecessary sensitive details.
If an agent treats transcript text as commands instead of data, a caller or service response could influence later agent behavior.
The code recognizes that API responses may contain instruction-like fields and strips a known field before printing JSON responses, but transcripts and streamed conversation text remain untrusted external content.
# API responses may contain service-side instruction fields that are useful to humans but unsafe to pass through to an agent as raw prompt text.
Treat call transcripts and streamed responses as untrusted data; do not let them override the user's instructions without explicit user approval.
