Back to skill
Skillv1.0.1
ClawScan security
AgentPhone · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 4, 2026, 6:50 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's declared requirements and runtime instructions are consistent with its stated purpose (making real phone calls via an external API) and do not request unrelated credentials or system access.
- Guidance
- This skill appears coherent, but review these practical safety points before installing: 1) Protect the AGENTPHONE_API_KEY like any secret (use a dedicated, limited key if possible, rotate it, and do not paste it into chat logs). 2) Calls produce transcripts and recordings — confirm legal requirements and obtain consent from parties before recording; recordings may contain sensitive PII. 3) The registry metadata lists no homepage/source, but SKILL.md and README reference agentphone.app; verify you trust that external service and read its privacy/terms and pricing (calls consume credits). 4) Monitor usage and billing (credits can be exhausted or charged). 5) The skill enforces guardrails (no emergency numbers, rate limits) but you should still validate phone numbers and objectives before sending them to the API. If you need higher assurance, ask the author for a published source repository or official docs to verify implementation details.
Review Dimensions
- Purpose & Capability
- okName/description, required binary (curl), and the single required env var (AGENTPHONE_API_KEY) all align with an HTTP-based telephony API. The README and SKILL.md point to agentphone.app as the service used; while the registry metadata listed no homepage/source, the skill itself documents the external API endpoint and signup flow.
- Instruction Scope
- okSKILL.md contains concrete API call examples, polling logic, error handling, and guardrails (e.g., E.164 phone format, no emergency numbers). It does not instruct the agent to read unrelated files, query unrelated environment variables, or exfiltrate data to unexpected endpoints. Optional website scraping is explicitly declared as for context.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files; lowest-risk delivery. It requires curl to be present, which matches the provided curl examples.
- Credentials
- okOnly a single API key (AGENTPHONE_API_KEY) is required and is justified by the documented x-api-key auth. No other credentials, secret-named env vars, or config paths are requested.
- Persistence & Privilege
- okThe skill is not always-enabled, does not request elevated persistence, and contains no instructions to modify other skills or system-wide settings. Autonomous invocation is allowed (default) but is not combined with other risky privileges.