← 返回 Skills 市场

Google Voice Caller

Name: Google Voice Caller
Author: joe12801

作者 joe12801 · GitHub ↗ · v1.2.1 · MIT-0

cross-platform ⚠ suspicious

197

总下载

当前安装

版本数

在 OpenClaw 中安装

/install google-voice-caller

功能描述

Automate Google Voice calls with AI-generated voice (TTS) or local audio injection.

使用说明 (SKILL.md)

google-voice-caller 📞

简体中文 | English

简体中文

一个让你的 OpenClaw Agent 具备物理外呼能力的黑科技插件。它通过无头浏览器（Puppeteer）直接驱动 Google Voice 网页端，实现低成本、自动化的语音通话。

✨ 核心特性

自动拨号：支持全球号码拨打（遵循 Google Voice 费率）。
音频注入：支持将 AI 生成的语音（TTS）或本地 .wav 文件直接“灌入”通话，对方接听即可听到。
自然语言交互：直接对 Agent 说“给主人打个电话说开会了”，即可自动触发。
持久会话：通过 Cookie 注入，无需反复登录验证。

🛠️ 前置要求

Google Voice 账户：且账户内有足够余额（拨打非美加号码）。
环境依赖：chromium, ffmpeg, puppeteer-core。
认证信息：在技能目录下准备好 google_voice_cookies.json。

🚀 快速开始

"打电话给 +8615912345678 告诉他文档已经写好了。"

English

A powerful plugin that grants your OpenClaw Agent the ability to make physical phone calls. It drives the Google Voice web interface via a headless browser (Puppeteer), enabling low-cost, automated voice communication.

✨ Key Features

Automated Dialing: Supports global calling (following Google Voice rates).
Audio Injection: Directly inject AI-generated voice (TTS) or local .wav files into the call stream.
Natural Language Interaction: Just say "Call my boss and tell him I'm on my way" to trigger the action.
Persistent Session: Uses cookie injection to skip repetitive login verifications.

🛠️ Prerequisites

Google Voice Account: Ensure sufficient balance for non-US/Canada calls.
Environment: chromium, ffmpeg, puppeteer-core.
Auth: Place google_voice_cookies.json in the skill directory.

🚀 Quick Start

"Call +1234567890 and say the report is ready."

⚙️ Parameters / 参数说明

Parameter	Required	Default	Description
`--number`	✅	-	Target number (E.164 format)
`--text`	❌	-	Text to speak (Auto TTS)
`--audio`	❌	-	Local audio path (.wav)
`--duration`	❌	60	Call duration in seconds

⚠️ Security & Privacy

Keep your google_voice_cookies.json secure.
Comply with local laws. Do NOT use for harassment or illegal activities.

Author: Joe & OpenClaw Assistant License: MIT

安全使用建议

Do not install or run this skill as-is. The package contains a google_voice_cookies.json file with session cookies that grant access to a Google account; using it could let whoever controls the cookies make calls, incur charges, or access account data. Before using this skill: 1) Remove the bundled google_voice_cookies.json and never run code with unknown session cookies. 2) Prefer an official auth flow or supply your own credentials/cookies from an account you control, and verify their provenance. 3) Run the skill in an isolated environment (not as root) and ensure Chromium's sandbox is available; avoid --no-sandbox if possible. 4) Audit lib/engine.js for any outbound network calls or exfiltration and confirm recordings are stored only where you expect. 5) Consider legal/privacy implications of automated calling and recording in your jurisdiction. If you cannot verify the cookie ownership and intent of the publisher, treat this package as unsafe and avoid installing it.

功能分析

Type: OpenClaw Skill Name: google-voice-caller Version: 1.2.1 The skill bundle provides functional code for automating Google Voice calls via Puppeteer, but it includes a 'google_voice_cookies.json' file containing what appear to be live, high-entropy Google session cookies (e.g., __Secure-1PSID, SID). While the code in 'lib/engine.js' and 'bin/call.sh' aligns with the stated purpose of making calls and recording audio, the inclusion of hardcoded authentication tokens in a distributed package is a severe security risk. Additionally, the engine uses high-risk browser flags like '--no-sandbox' and '--allow-file-access' to facilitate audio injection and recording to '/tmp', which could be repurposed for unauthorized surveillance or account abuse.

能力评估

ℹ Purpose & Capability

The name/description, SKILL.md, and code align: Puppeteer-driven Chromium + ffmpeg + TTS/audio injection to drive voice.google.com is coherent with an automated caller. However, the skill ships a full google_voice_cookies.json file (session cookies) inside the repository — that is not required to describe the capability and is disproportionate and dangerous. The code also supports GV_COOKIE_PATH via env but the skill declares no env requirements.

⚠ Instruction Scope

Runtime instructions and engine.js explicitly read a cookie file, set cookies into the headless page, navigate to voice.google.com, click UI to place calls, inject a fake-audio file, and capture recorded audio into /tmp. Those actions are directly tied to the stated purpose, but the instructions/docs ask the user to 'place google_voice_cookies.json' while the repository already contains one — this contradicts the 'keep cookies secure' guidance and widens the attack surface. The engine captures audio in-page and writes it to /tmp, but does not show exfiltration to external servers.

✓ Install Mechanism

No install spec is provided (instruction-only), which is lower risk. The skill expects puppeteer-core, chromium, and ffmpeg — reasonable for the functionality. There is no remote download/install URL in the package, so installation risk is limited to the usual Node/native dependencies. Note: the package includes node code but no package.json; consumers must ensure dependencies are installed correctly.

⚠ Credentials

The package bundles google_voice_cookies.json containing many Google session cookies (APISID, SID, HSID, etc.). Requesting or embedding full session cookies is disproportionate compared to the declared requirements (the SKILL.md says to provide your own cookies but the repo includes them). The code will use those cookies by default (or GV_COOKIE_PATH if set), granting whoever runs the skill immediate authenticated access to the associated Google account. No other env secrets are declared, but GV_COOKIE_PATH is referenced without being documented as required.

⚠ Persistence & Privilege

The skill is not force-enabled (always:false) and is user-invocable, which is normal. However, autonomous invocation plus included account cookies increases blast radius: an agent could autonomously place calls using the embedded account. The Chromium launch disables sandboxing (--no-sandbox) which weakens process isolation and is an additional operational risk.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install google-voice-caller
安装完成后，直接呼叫该 Skill 的名称或使用 /google-voice-caller 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.2.1

Updated workflow: disabled Whisper transcription and switched to direct MP3 upload to Feishu Drive for faster feedback.

v1.2.0

Major logic upgrade: fixed audio loop (echo/noise issue) by appending silence, added automatic MediaRecorder for incoming voice capture, and integrated post-call transcription via Whisper.

v1.1.1

Added English documentation and bilingual support.

v1.1.0

Renamed skill from gv-caller to google-voice-caller for better clarity.

元数据

Slug google-voice-caller

版本 1.2.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 4

常见问题