← Back to Skills Marketplace

Mobayilo Voice (Beta)

Name: Mobayilo Voice (Beta)
Author: adusingi

by adusingi · GitHub ↗ · v0.2.0-beta.1

cross-platform ⚠ suspicious

402

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install mobayilo-voice

Description

Place outbound phone calls via Mobayilo with safe defaults (preview mode by default) and explicit live execution.

Usage Guidance

This skill appears to be what it claims: a guarded wrapper around the Mobayilo 'moby' CLI that defaults to dry-run. Before installing or running it, check the following: - Confirm you trust the moby CLI binary and its install method. The repo's runbook suggests running a remote installer via curl | sh (https://mobycli.mobayilo.com/install.sh). Audit that script or prefer an OS package/build-from-source path instead. - Be aware the adapter reads config/defaults.yaml (or the path set by MOBY_CONFIG) and will use MOBY_CLI_PATH if present. Review the config file for CLI path, host, and log locations. - The code honors MOBY_ALLOW_NON_PROD_HOST and MOBY_REQUIRE_APPROVAL. If you do not want non-prod hosts or automated live calls, keep MOBY_ALLOW_NON_PROD_HOST unset and keep the approval gate enabled or avoid passing --execute/--approved in automated workflows. - The adapter queries a local agent HTTP endpoint (127.0.0.1:7788) and may open a macOS browser tab. If you run in a restricted environment, ensure that local agent endpoint is acceptable. - The skill writes logs/telemetry JSONL to local files (masked phone numbers by default). Confirm log paths are acceptable and that sensitive data handling meets your policies. - Because registry metadata only lists MOBY_HOST but the code reads additional env vars, inspect and set MOBY_CONFIG, MOBY_CLI_PATH, MOBY_ALLOW_NON_PROD_HOST, and MOBY_REQUIRE_APPROVAL explicitly as needed. If these behaviors are acceptable and you validate the moby CLI source, this skill is coherent with its stated purpose. If any of the above is unexpected, review the source and run the scripts in a sandbox before enabling in production.

Capability Analysis

Type: OpenClaw Skill Name: mobayilo-voice Version: 0.2.0-beta.1 The skill is classified as suspicious due to its extensive use of `subprocess.run` and `subprocess.Popen` to execute an external `moby` CLI binary and manage local processes (e.g., `moby agent run`, `os.kill` for process management). While arguments are passed safely as lists, preventing direct shell injection, the `cli_path` and `twilio_sdk_path` are configurable via `config/defaults.yaml` or environment variables. An attacker with control over these configurations could redirect the skill to execute arbitrary malicious binaries. Additionally, the `docs/runbook.md` contains `curl -fsSL https://mobycli.mobayilo.com/install.sh | sh` for CLI installation, which is a supply chain risk, though not executed by the skill itself. The skill does implement several guardrails (host policy, destination validation, phone masking) and shows no clear intent of self-exploitation or other malicious behavior.

Capability Assessment

✓ Purpose & Capability

Name and description (outbound calls via Mobayilo) align with the implementation: the code calls the 'moby' CLI, validates destinations, enforces host/approval guardrails, masks phone numbers, emits telemetry, and exposes check_status/start_call entrypoints. Required binary 'moby' and MOBY_HOST env are consistent with purpose.

ℹ Instruction Scope

SKILL.md instructs the agent to run the provided check_status and start_call scripts (dry-run by default). The adapter also reads a local config (config/defaults.yaml or MOBY_CONFIG), writes event/telemetry JSONL files, and queries a local agent HTTP endpoint (http://127.0.0.1:7788/) to monitor call progress. Those behaviors are plausible for a desktop-integrated calling adapter but widen the skill's operational scope beyond a simple remote API call — in particular, local HTTP access, filesystem writes, and optional opening of a browser/tab (macOS only) are performed.

ℹ Install Mechanism

There is no install spec in the registry (instruction-only skill) so nothing will be auto-downloaded during install. However the runbook/README suggests installing the moby CLI via a remote install script (curl -fsSL https://mobycli.mobayilo.com/install.sh | sh) or building from source; the documented curl|sh pattern is a high-risk operation if performed blindly and should be audited before running.

⚠ Credentials

Registry metadata lists only MOBY_HOST as a required env var, but the code also reads and relies on several other environment variables (MOBY_CONFIG, MOBY_CLI_PATH, MOBY_ALLOW_NON_PROD_HOST, MOBY_REQUIRE_APPROVAL, and optional MOBY_TWILIO_SDK_PATH). Some are optional guardrails, but the declared env list is incomplete and could surprise an operator. The skill does not request cloud credentials or unrelated secrets, and no primary credential is declared.

✓ Persistence & Privilege

The skill does not request 'always: true' and will not auto-enable itself globally. It writes logs and telemetry to local paths (configurable) and may create files; this is expected for an adapter that records events. It does not modify other skills' configs.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install mobayilo-voice
After installation, invoke the skill by name or use /mobayilo-voice
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.2.0-beta.1

Initial public beta release of Mobayilo Voice for OpenClaw. - Added readiness checks (auth, balance, caller ID verification) - Added a safe calling flow: by default it prepares/checks the call without dialing, and only places a real call when live mode is explicitly enabled. - Added optional callback and fallback callback controls - Added optional approval gate support - Added masked logging/telemetry behavior for phone numbers - Added docs/runbook and workflow-oriented integration guidance Known limitation: - Desktop agent-mode call progression messaging is still being refined for fully human-friendly UX in all environments.

Metadata

Slug mobayilo-voice

Version 0.2.0-beta.1

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Mobayilo Voice (Beta)?

Place outbound phone calls via Mobayilo with safe defaults (preview mode by default) and explicit live execution. It is an AI Agent Skill for Claude Code / OpenClaw, with 402 downloads so far.

How do I install Mobayilo Voice (Beta)?

Run "/install mobayilo-voice" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Mobayilo Voice (Beta) free?

Yes, Mobayilo Voice (Beta) is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Mobayilo Voice (Beta) support?

Mobayilo Voice (Beta) is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Mobayilo Voice (Beta)?

It is built and maintained by adusingi (@adusingi); the current version is v0.2.0-beta.1.

More Skills