TeddyMobile Vox Phone Notification
Pass
Audited by ClawScan on May 13, 2026.
Overview
The skill appears aligned with its stated purpose of sending TeddyMobile phone notifications, but it uses TeddyMobile credentials and can place real outbound calls, so users should install it only if they intend that integration.
This skill does not show evidence of malicious behavior in the provided artifacts. Before installing, confirm you want a runtime capable of sending TeddyMobile outbound calls, protect the VOX_* credentials, verify any hosted zip source, and add production safeguards such as per-call authorization, recipient validation, logging hygiene, callback authentication, and retention limits for phone-notification records.
Publisher note
TeddyMobile Vox outbound phone notification skill for Claw-compatible runtimes with verified real-world playback. Supports natural-language notification parsing, HMAC-signed outbound calls, and local credential loading. Requires prior TeddyMobile platform registration and bot configuration. No live credentials are included.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A configured runtime could place phone calls to supplied numbers, which may have cost, privacy, or abuse implications if triggered incorrectly.
The helper can submit outbound phone-notification requests to the provider API, which is the stated purpose but is still a real external side effect.
const response = await fetchImpl(`${baseUrl}${path}`, { method: 'POST', ... body: JSON.stringify(requestBody) });
Require clear user or business authorization before each call, validate the phone number and message, and add rate limiting or allowlists for production use.
Anyone with access to those credentials may be able to use the TeddyMobile account’s outbound notification capability.
The skill requires TeddyMobile app credentials and a bot/outbound number to act on the user's provider account; this is disclosed and purpose-aligned.
Configure those credentials with environment variables or a local file such as `~/.teddymobile/credentials.json`.
Store credentials outside source control, restrict file permissions, rotate secrets if exposed, and grant only the TeddyMobile capabilities needed for notifications.
If a hosted zip URL is replaced or served from an untrusted source, users could install a different skill than the one reviewed here.
The release guidance supports installing from a custom hosted zip URL, which is normal for this distribution model but depends on the integrity of that hosted package.
Upload the zip to a stable HTTPS URL ... public HTTPS access ... direct download without login
Install only from trusted URLs, compare the downloaded contents to the reviewed package, and prefer signed or checksummed releases where available.
Stored notification records may contain phone numbers and business details that should not be retained longer than necessary or reused for unrelated tasks.
The integration template suggests persisting phone numbers and business notification context for callback correlation; this is useful but creates stored sensitive context.
Before calling TeddyMobile, save a record keyed by `requestId`. Suggested fields: `requestId`, `callee`, `task`, `variables`, `status`, `createdAt`
Define retention, access controls, and deletion for notification context, and avoid storing unnecessary message content.
If deployed publicly without verification, unrelated callers could reach the callback endpoint and potentially trigger callback processing or agent work.
The optional callback example accepts provider webhook-style POSTs and streams SSE responses, but the sample does not show origin, signature, or authentication checks.
app.post('/vox/callback', async (req, res) => { const body = req.body || {}; ... res.setHeader('Content-Type', 'text/event-stream');
Treat the callback server as an example only; in production, verify TeddyMobile callback authenticity, use HTTPS, restrict network access where possible, and avoid trusting callback text as authoritative instructions.
