ai-phone-calls-steponeai
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: ai-phone-calls-steponeai Version: 1.0.3 The skill provides AI-powered phone calling capabilities via the Stepone AI service (open-skill-api.steponeai.com). It includes several proactive safety measures, such as mandatory manual confirmation before placing calls, strict input validation for phone numbers, and a response sanitization function in callinfo.sh and stepone.sh designed to strip potential prompt-injection instructions from API responses. The code is well-structured, lacks obfuscation, and aligns strictly with its stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or unauthorized invocation could call a real person and spend account credit.
The skill can perform a real-world action with cost and compliance implications, but the artifact also discloses this and describes confirmation plus single-recipient limits.
这个 skill 会发起真实电话外呼,可能产生话费/平台费用... 默认脚本会要求输入 `CALL` 后才真正拨号... 每次只允许拨打 1 个号码
Only use it when you are authorized to call the recipient, verify the number and message, and do not automate or bypass the confirmation step.
Anyone with the API key may be able to use the account’s calling capability or access related call information.
The skill requires a Stepone AI API key to authorize calls and call-record queries; this is expected for the integration and is read from an environment variable.
requires":{"env":["STEPONEAI_API_KEY"]} ... API Key 只通过环境变量 `STEPONEAI_API_KEY` 读取Store the API key securely, provide only the intended key, and rotate it immediately if it is exposed.
Call content and recipient information may contain personal or business-sensitive data handled by the provider.
Phone numbers, call instructions, and transcripts leave the local environment and are processed by the Stepone AI service, which is central to the skill’s purpose and disclosed.
也会把电话号码、外呼任务和通话转写发送到 Stepone AI 服务
Use only data necessary for the call, avoid unnecessary sensitive details, and make sure Stepone AI’s terms and privacy handling are acceptable.