← Back to Skills Marketplace
Sip Voice Call Control
by
teamtelnyx
· GitHub ↗
· v1.0.0
1329
Downloads
1
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install telnyx-voice-sip
Description
Voice interface using Telnyx Call Control API. Answer phone calls with AI, function calling, and natural conversation. Use for hands-free assistant access, phone-based reminders, or voice-controlled tools. Requires Node.js and Telnyx API key.
Usage Guidance
This skill is plausible for Telnyx voice handling, but it does a few surprising things you should evaluate before installing:
- Review the code yourself (src/tunnel.ts and src/dev.ts). It will attempt to start a cloudflared tunnel and create/update Telnyx Call Control Applications using your TELNYX_API_KEY — that will publish a webhook URL and may create SIP subdomains in your Telnyx account.
- The skill reads workspace files (IDENTITY.md, USER.md) and also tries to read ~/.openclaw/openclaw.json and ~/.clawdbot/clawdbot.json to obtain a gateway URL and token. If you have other agent/CLI tools installed, this could allow the skill to use existing gateway credentials. If those files contain tokens for other services, consider running the skill in an isolated environment (container/VM) or remove/rotate those tokens first.
- The code spawns local CLIs and arbitrary child processes to implement tools (send_message, reminders). Only run it on machines where you trust installed command-line tools; do not run on machines with sensitive credentials/configs.
- The metadata omitted cloudflared and local CLI requirements. Ensure cloudflared is installed if you expect automatic tunneling, or disable the tunnel and provide a manually configured publicly reachable webhook.
- Least-privilege advice: give the TELNYX_API_KEY only the minimum permissions needed (voice/call-control), and avoid running on hosts that contain other service tokens. Prefer testing in an isolated environment first and inspect logs and network traffic (or audit code) before deploying to production.
Capability Analysis
Type: OpenClaw Skill
Name: telnyx-voice-sip
Version: 1.0.0
The skill is classified as suspicious due to several vulnerabilities that could be exploited for unauthorized actions. Specifically, the `addReminder` function in `src/dev.ts` constructs a shell command using user-provided input (`time` parameter) without sufficient sanitization, posing a shell injection risk. Additionally, the `sendMessage` function in `src/dev.ts` forwards user-controlled content as a prompt to a local gateway agent, creating a prompt injection vector against that agent. Finally, the `loadPersonalization` function in `src/dev.ts` incorporates content from `IDENTITY.md` and `USER.md` directly into the voice LLM's system prompt, presenting a prompt injection risk if these files are compromised.
Capability Assessment
Purpose & Capability
Name/description (Telnyx SIP voice control) mostly align with the code: it uses the Telnyx API, implements webhook handlers, STT/TTS, and function-calling tools. However, the code also expects/uses local gateway tooling and may run local CLI commands (openclaw/clawdbot/moltbook) and will attempt to start a cloudflared tunnel — binaries/configs not declared in the skill metadata (cloudflared and local CLIs). These extras are plausible for cross-channel messaging and 'auto-setup' but are not proportional to what's declared in required bins/envs.
Instruction Scope
SKILL.md tells agents to run persistent servers (nohup), start the service, and expects the agent to run shell commands. The runtime code reads workspace files (IDENTITY.md, USER.md) which the doc mentions, but it also reads user home config files (~/.openclaw/openclaw.json and ~/.clawdbot/clawdbot.json) to extract a gateway URL/token — this is not declared under required config paths. The code will execute local CLIs and child processes to perform tools (send_message, add_reminder, etc.), which grants the skill the ability to run arbitrary commands via the host CLI stack; the SKILL.md does not clearly warn about reading home-configs or executing arbitrary local tooling.
Install Mechanism
There is no formal install spec (instruction-only install via npm). package.json lists reasonable dependencies (express, telnyx, openai). The tunnel manager spawns the cloudflared binary but cloudflared is not listed among required binaries in metadata or SKILL.md; that mismatch means the code may fail or silently try to start a binary that isn’t present. No remote downloads or obscure URLs are used in the included files.
Credentials
Declared required env is a single TELNYX_API_KEY (appropriate). But the code also reads/uses other environment values and local config files (WORKSPACE_DIR, HOME, ~/.openclaw/openclaw.json, ~/.clawdbot/clawdbot.json) to obtain gateway URL and gateway auth token — effectively reading unrelated credentials from the host. That access is not disclosed in the metadata (required config paths = none) and expands the blast radius beyond Telnyx.
Persistence & Privilege
The skill requires persistent background execution (SKILL.md instructs using nohup or a process manager) and will open an inbound webhook by creating a public tunnel and updating/creating Telnyx Call Control Applications (using the provided TELNYX_API_KEY). While always:false and autonomous invocation are normal, the combination of persistent network exposure (cloudflared tunnel), ability to create/modify Telnyx apps, and potential access to gateway tokens and local CLIs elevates privilege and risk — especially if run on a machine with sensitive local configs or credentials.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install telnyx-voice-sip - After installation, invoke the skill by name or use
/telnyx-voice-sip - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — adds SIP voice call control with Telnyx integration.
- Enable hands-free voice assistant via Telnyx SIP calls.
- Supports natural conversation, function calling, and tool execution.
- Easy agent setup with step-by-step configuration and persistent server management.
- Multiple voices and language models configurable via environment variables.
- Features barge-in, personalization, and automatic Cloudflare tunnel setup.
- Includes troubleshooting section and tool listing for user reference.
Metadata
Frequently Asked Questions
What is Sip Voice Call Control?
Voice interface using Telnyx Call Control API. Answer phone calls with AI, function calling, and natural conversation. Use for hands-free assistant access, phone-based reminders, or voice-controlled tools. Requires Node.js and Telnyx API key. It is an AI Agent Skill for Claude Code / OpenClaw, with 1329 downloads so far.
How do I install Sip Voice Call Control?
Run "/install telnyx-voice-sip" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Sip Voice Call Control free?
Yes, Sip Voice Call Control is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Sip Voice Call Control support?
Sip Voice Call Control is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Sip Voice Call Control?
It is built and maintained by teamtelnyx (@teamtelnyx); the current version is v1.0.0.
More Skills