Phone Caller

Make AI-powered outbound phone calls using ElevenLabs voice + GPT brain + Twilio. Supports one-way pre-recorded messages AND live two-way conversations where...

Before installing or running this skill, consider the following: - Metadata mismatch: The registry claims no required env vars, but the SKILL.md and scripts require multiple sensitive keys (ELEVENLABS_API_KEY, TWILIO_ACCOUNT_SID/TWILIO_AUTH_TOKEN/TWILIO_PHONE_NUMBER, OPENAI_API_KEY) and a MASTER_PHONE for iMessage. Treat those keys as sensitive and confirm you are willing to provide them. - iMessage sending: server.py calls a local 'imsg' CLI to send summaries to MASTER_PHONE. That will send messages from your machine/account — only set MASTER_PHONE if you want automatic iMessage output, and verify the 'imsg' tool behavior first. - Public exposure: Interactive mode requires tunneling (localtunnel/ngrok) which exposes your local server to the internet. Only run behind a tunnel you control and on a machine you trust. Consider restricting usage to test numbers and isolated environments. - Third-party hosting: One-way mode uploads generated audio to tmpfiles.org (60m TTL). That stores audio on a third-party server; do not upload sensitive content there. Consider hosting audio yourself or using a trusted storage service. - Least privilege: Use dedicated or limited-scope API keys (Twilio subaccount, ElevenLabs key with limited usage if possible, and a separate OpenAI key) and rotate them after testing. - Platform assumptions: The code assumes availability of Python packages (twilio, flask, openai, requests) and the 'imsg' CLI (macOS). Verify these dependencies and platform compatibility. - Code review & testing: Because the skill contains executable scripts, review the source and run in a sandboxed environment (VM or isolated container) before granting real credentials or calling real phone numbers. Test with verified/test phone numbers and a Twilio trial or subaccount. If you proceed, minimize blast radius: create limited API keys, avoid using personal iMessage accounts, avoid uploading private audio to tmpfiles.org, and monitor network traffic while testing.

Type: OpenClaw Skill Name: phone-caller Version: 1.0.0 The skill is suspicious due to multiple vulnerabilities. The most critical is the potential for shell injection in `scripts/server.py`. The `send_summary` function uses `subprocess.run` to execute `imsg` with a `--text` argument containing GPT-generated summary and user-influenced transcript. This creates an RCE risk if the `imsg` command is vulnerable to argument injection or if the GPT model can be prompted to generate shell metacharacters. Additionally, the skill is vulnerable to prompt injection against the GPT model in `scripts/interactive_call.py` and `scripts/server.py`, where user-controlled `persona` and `opening` arguments are directly used as prompts, potentially allowing manipulation of the AI's behavior. The skill also sends sensitive conversation data (summaries and transcripts) via iMessage to a configured `MASTER_PHONE`.