功能描述

FastAPI personalization webhook that adds persistent caller memory and dynamic context injection to ElevenLabs Conversational AI agents on Twilio. No audio proxying, file-based persistence, OpenClaw compatible.

使用说明 (SKILL.md)

elevenlabs-twilio-memory-bridge

Name: Elevenlabs Twilio Memory Bridge
Author: britrik

Personalization webhook service for ElevenLabs + Twilio voice agents with persistent caller memory.

What It Does

When a call arrives on your Twilio number, ElevenLabs' native integration triggers this webhook. The bridge looks up the caller's history, loads long-term memory facts and daily context notes, combines them with a customizable soul/personality template, and returns everything as a system prompt override so your agent greets each caller with full context.

Architecture

No audio proxying - ElevenLabs and Twilio handle media directly
Webhook only - called once per inbound call to inject context
File-based persistence - JSON files in ./data/, zero external dependencies
OpenClaw compatible - works with any OpenAI-compatible LLM endpoint

Endpoints

Endpoint	Method	Purpose
`/webhook/personalize`	POST	ElevenLabs calls this on inbound call
`/webhook/post-call`	POST	Optional post-call cleanup
`/api/memory/{phone_hash}`	POST	Add long-term fact about a caller
`/api/notes`	POST	Add global or caller-scoped context note
`/health`	GET	Health check

Setup

Clone repo, pip install -r requirements.txt
Copy .env.example to .env, fill in secrets
Configure ElevenLabs agent with Custom LLM pointing to your OpenClaw instance
Enable system prompt + first message overrides in agent Security settings
Add webhook URL https://your-domain/webhook/personalize in ElevenLabs settings
Import Twilio number in ElevenLabs dashboard
Run: uvicorn app:app --host 0.0.0.0 --port 8000

Required Environment Variables

ELEVENLABS_API_KEY - scoped ElevenLabs key
ELEVENLABS_AGENT_ID - your agent ID
OPENCLAW_API_BASE_URL - your OpenClaw instance URL
PUBLIC_BASE_URL - publicly reachable URL of this service

Security

All caller phone numbers are SHA-256 hashed before storage/logging
Secrets loaded exclusively from environment variables
Optional HMAC webhook signature verification
Safe for public GitHub repos, no secrets in source

安全使用建议

This implementation appears to do what it says, but take care before deploying: - Metadata mismatch: the registry listing claims no required env vars, but SKILL.md and manifest.json require ELEVENLABS_API_KEY, ELEVENLABS_AGENT_ID, OPENCLAW_API_BASE_URL, PUBLIC_BASE_URL (and optional WEBHOOK_SECRET). Treat the manifest/SKILL.md as authoritative and correct the registry metadata if you publish. - Mandatory webhook verification: set WEBHOOK_SECRET and configure the same secret in ElevenLabs so the service verifies HMAC signatures. Without this, anyone can POST to /webhook/personalize and mimic ElevenLabs. - Protect admin endpoints: /api/memory/{phone_hash} and /api/notes allow adding content that will be injected into the system prompt. These endpoints have no authentication in the provided code — run the service behind a firewall/reverse-proxy and require authentication (API key, IP allowlist, or at minimum basic auth) or remove these endpoints in public deployments. - Audit the soul_template: it contains sensitive personal details (names, health, family) — review and remove or sanitize any PII you don't want stored or exposed in a public repo or public endpoint. - Use TLS and network controls: run behind TLS (Cloudflare Tunnel, nginx with TLS), restrict access to known ElevenLabs IPs if possible, and put the service on a private network or auth-protected endpoint. - File permissions and backups: DATA_DIR holds persistent memories — ensure correct filesystem permissions, encryption at rest if needed, and retention/erasure policies for privacy compliance. - Least-privilege API keys: use scoped ElevenLabs/OpenClaw keys and rotate them regularly. If you harden the webhook (enforce HMAC, authenticate admin endpoints, and restrict network access) and correct the listing metadata, the skill is coherent with its stated purpose. Without those mitigations it presents a real risk of remote prompt injection and data manipulation.

功能分析

Type: OpenClaw Skill Name: elevenlabs-twilio-memory-bridge Version: 1.0.0 The skill is a FastAPI application designed to act as a personalization webhook for ElevenLabs conversational AI agents. It uses file-based persistence for caller memory and notes within a designated `./data` directory, hashes phone numbers for privacy, and includes HMAC webhook signature verification. All file operations and network interactions are aligned with its stated purpose of injecting context into an LLM. There is no evidence of data exfiltration, malicious execution, persistence mechanisms beyond its own data files, or prompt injection against the OpenClaw agent itself. The instructions in SKILL.md and README.md are for user setup, and the `soul_template.md` is for prompt engineering the target LLM, not for subverting the OpenClaw platform.

能力评估

ℹ Purpose & Capability

The code implements a FastAPI webhook that assembles a system prompt from a soul template, per-caller session state, memories, and notes — this aligns with the skill's stated purpose. However the registry metadata (top-level summary) claims 'Required env vars: none' and 'Primary credential: none', while SKILL.md and manifest.json declare ELEVENLABS_API_KEY, ELEVENLABS_AGENT_ID, OPENCLAW_API_BASE_URL, PUBLIC_BASE_URL (and optional WEBHOOK_SECRET). That metadata mismatch is inconsistent and should be corrected.

⚠ Instruction Scope

SKILL.md and the code instruct running a public webhook that persists JSON under ./data and exposes endpoints to add memories/notes. The code does not require authentication for the admin API endpoints (/api/memory/{phone_hash}, /api/notes) and the personalization webhook signature verification is optional (depends on WEBHOOK_SECRET). If the webhook secret is not set or endpoints are publicly reachable without further restrictions, an attacker can post arbitrary memory/notes which are injected into the system prompt (direct prompt injection of the agent). The instructions do recommend setting WEBHOOK_SECRET and TLS but do not mandate or show how to enforce authenticated access for the memory/notes endpoints.

✓ Install Mechanism

No high-risk install mechanism is present: repository contains requirements.txt and typical pip install instructions. There are no downloads from untrusted URLs or extract steps. The skill is distributed as source files; install risk is standard for a Python web app.

ℹ Credentials

Requested environment variables (ELEVENLABS_API_KEY, ELEVENLABS_AGENT_ID, OPENCLAW_API_BASE_URL, PUBLIC_BASE_URL, optional WEBHOOK_SECRET, DATA_DIR, etc.) are appropriate for the described integration. The inconsistency is that the registry metadata claims none are required while manifest.json and SKILL.md list them — this is an incoherence in metadata, not the runtime behavior. The soul_template.md contains highly personal context (named individual 'Richard', family details) which is expected for personalization but is sensitive and should be reviewed before publishing or deploying.

ℹ Persistence & Privilege

The service writes persistent JSON files under DATA_DIR (./data by default) for sessions, memories, and notes. This is proportional to the feature (file-backed persistence). always:true is not set. The skill does not request elevated system privileges or attempt to modify other skills/configs. Ensure proper filesystem permissions and that the data directory is protected and backed up/erased per privacy requirements.

版本历史

v1.0.0

Initial release of elevenlabs-twilio-memory-bridge. - Adds persistent, file-based caller memory to ElevenLabs + Twilio voice agents. - Injects dynamic, personalized context and long-term memory at each call via FastAPI webhook. - No audio proxying; only context injection through system prompt overrides. - Fully compatible with OpenClaw and any OpenAI API-compatible LLM. - Exposes endpoints for memory/notes management, post-call cleanup, and health check. - Secure by design: hashes caller info, loads secrets from environment, optional HMAC verification.

v0.1.0

Initial public release of elevenlabs-twilio-memory-bridge: - Adds persistent caller memory, dynamic context injection, and session continuity for ElevenLabs Conversational AI agents via Twilio. - Implements lightweight FastAPI webhook architecture with no audio proxying. - Supports JSON file-based storage in ./data/ for zero external dependencies. - Compatible with OpenClaw and any OpenAI-compatible LLM backend. - Provides endpoints for personalization, memory management, and health checking. - Secures caller identity using SHA-256 hashing; all secrets via environment variables.

元数据

Slug elevenlabs-twilio-memory-bridge

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 2

常见问题