Advanced AI voice assistant for phone calls. Capable of persuasion, sales, restaurant bookings, reminders, and notifications.
Security Analysis
medium confidenceThe skill's code, required environment variables, and runtime instructions are consistent with a telephony/webhook-based AI calling assistant, but it requires exposing a local webhook endpoint and storing call transcripts so you should treat it as sensitive and run it in a controlled environment.
The name/description (AI phone calls, bookings, reminders, persuasion) match the actual behavior: the script calls https://api.vapi.ai/call, starts a temporary HTTP server to receive Vapi webhooks, and processes call reports and tool calls. Required env vars (VAPI_API_KEY, VAPI_ASSISTANT_ID, VAPI_PHONE_NUMBER_ID, WEBHOOK_BASE_URL) are appropriate for a telephony webhook integration.
SKILL.md instructs the user to make the local machine reachable from the internet (Cloudflare Tunnel / ngrok) and to expose a WEBHOOK_PORT; the script spawns an HTTP server bound to 0.0.0.0 to receive call events and saves call results/transcripts to ~/.openclaw/workspace/logs/vapi-calls. This behavior is expected for real-time telephony webhooks but raises operational/privacy concerns (incoming network exposure and persisted transcripts).
This is instruction-only with no external download/install step. The bundled Python script uses the requests library and stdlib http.server. There are no obscure download URLs or archive extracts. package.json references requests and a postinstall chmod, but there is no high-risk installer that pulls arbitrary code from an unknown host.
Environment variables requested are proportional to the service being used (VAPI API key, assistant and phone IDs, and public webhook base URL). The VAPI_API_KEY is sensitive and should be stored/rotated appropriately; the skill does not request unrelated credentials.
The skill does not request always:true and can be invoked by the user. It does open a temporary server bound to 0.0.0.0 while running and writes logs (including transcripts) to the user's home directory. These behaviors are expected but increase attack surface and data exposure if run on an unrestricted host.
Guidance
This skill appears to do what it says, but it requires you to make a machine reachable from the internet and provides Vapi with a webhook endpoint. Before installing or running: (1) Protect the VAPI_API_KEY (store it securely and rotate if compromised). (2) Run the skill in an isolated environment (container or dedicated VM) rather than on a machine with sensitive data. (3) Use a trusted tunnel provider (paid/official ngrok or Cloudflare tunnel) and verify WEBHOOK_BASE_URL points to your tunnel. (4) Be aware that call transcripts and reports are written to ~/.openclaw/workspace/logs/vapi-calls — remove or encrypt logs if they contain sensitive info. (5) Confirm legal/regulatory compliance for automated calling in your jurisdiction and watch for potential billing/costs on the Vapi account. (6) If you need higher assurance, request the upstream repository/source and a signed/reproducible release to audit dependencies and code provenance.
Latest Release
v1.0.3
- No user-facing changes in this release. - Version number has been updated; all skill files and documentation remain unchanged.
More by @MrsZ
Published by @MrsZ on ClawHub
