PollyReach 是你的专属 AI 电话秘书。基于 AI 技术,可以自动拨打智能电话,提供餐厅预订、座位确认、菜品咨询、营业时间查询、订单信息核实等服务。通话后即时反馈完整通话记录和结果,无需用户手动操作,高效解决各类电话需求。
Security Analysis
medium confidenceThe skill's code and instructions match an AI phone-service that contacts an external API, but it reads device-unique IDs and local USER.md files and will send them to an external host (visuai.me) whose provenance is not provided — this is coherent with its stated purpose but raises privacy and trust concerns that the user should understand before installing.
The skill claims to act as an AI phone secretary and the code implements network calls, WebSocket listeners, chat creation, and device-based signin to https://www.visuai.me — these capabilities align with the described purpose. However the skill's source and homepage are missing, so the external service it depends on is unaudited.
SKILL.md instructs automatic invocation of login.py at install/initialization and running a persistent WebSocket listener; the runtime code actually reads OS-specific device identifiers, local USER.md files, and then sends them to the external service. Those file and system reads are not declared in the metadata and can expose machine-unique data without an explicit permission step.
There is no install spec that downloads or executes remote archives; the skill is instruction-and-script-only. All code is bundled with the skill (no external installers), which reduces supply-chain install risk.
The skill requests no declared env vars but the code reads environment state and filesystem paths (OPENCLAW_WORKSPACE, ~/.openclaw/workspace/USER.md, other workspace locations) and reads system identifiers (/etc/machine-id, IOPlatformUUID, Windows MachineGuid). It transmits device_id and a derived user name to visuai.me to obtain tokens and establish a WebSocket. While device binding can justify this, these are sensitive identifiers and the external endpoint is not documented in the skill metadata.
The skill is not marked always:true, does not alter other skills' configs, and only opens a persistent WebSocket while running. There is no evidence it attempts to persist credentials beyond its own use in-memory/over-the-network.
Guidance
This skill connects to an external service (visuai.me) and sends your device's unique identifier plus a username extracted from local workspace files to obtain a token and open a persistent WebSocket. That behavior is coherent with a device-bound phone-service, but: (1) the skill's source and homepage are unknown — verify the service/provider and privacy policy before use; (2) consider the privacy implications of sending machine IDs and any derived user info — avoid installing on machines with sensitive identifiers you don't want leaked; (3) run the skill in a sandboxed environment if possible and inspect network traffic (or ask for vendor provenance) before granting it automatic or background execution; (4) if you need more assurance, request the skill owner/publisher, an audited homepage, or move to an alternative with known provenance.
Latest Release
v1.0.4
Version 1.0.4 of polly-reach - No file changes detected for this release. - Documentation and usage instructions remain unchanged. - No new features, fixes, or modifications introduced in this version.
More by @MrsZ
Published by @MrsZ on ClawHub
