← 返回 Skills 市场
2764
总下载
4
收藏
13
当前安装
1
版本数
在 OpenClaw 中安装
/install phone-voice
功能描述
Connect ElevenLabs Agents to your OpenClaw via phone with Twilio. Includes caller ID auth, voice PIN security, call screening, memory injection, and cost tracking.
安全使用建议
This skill's purpose is plausible, but the SKILL.md expects you to provide and expose several sensitive credentials and local data while running a public-facing bridge — and the registry metadata does not declare those requirements. Before installing or running anything: 1) Do not copy unreviewed bridge code from unknown sources — implement or review the FastAPI bridge yourself. 2) Use dedicated, least-privilege API keys (separate accounts or scoped tokens) for Twilio/ElevenLabs/Anthropic and rotate them after testing. 3) Avoid storing long-term secrets in plaintext .env; use a secrets manager if possible and prefer short-lived tokens. 4) Run the bridge in an isolated VM/container with strict network/firewall rules and logging. 5) Be cautious about memory files (MEMORY.md, USER.md, transcripts) — they contain personal data and will be sent to external LLM services; redact or limit sensitive content. 6) Prefer temporary tunnels (ngrok short-lived) or carefully configured Cloudflare tunnels, and restrict incoming origins and auth. 7) Ask the publisher for the bridge source code, an explicit list of required env vars, and instructions for secure deployment; if they cannot provide it, consider this skill suspicious and avoid running it in production. Additional info that would raise confidence to 'high': the actual bridge source code for review, a declared env var list in registry metadata, and documented token scoping/retention policies.
功能分析
Type: OpenClaw Skill
Name: phone-voice
Version: 2.0.0
The skill is classified as suspicious due to several high-risk capabilities described in `SKILL.md`. The custom bridge server can execute external commands (e.g., `gog CLI` for calendar events), which could lead to arbitrary command execution if exploited. It also explicitly injects content from `MEMORY.md` and `USER.md` into the LLM's system prompt, creating a significant prompt injection surface. Furthermore, an `/call/outbound` endpoint allows making phone calls, which could be abused if the authentication token is compromised. These capabilities, while potentially intended for functionality, introduce substantial security risks without clear malicious intent in the provided documentation.
能力评估
Purpose & Capability
The stated purpose (connect ElevenLabs + Twilio + Anthropic via a bridge) reasonably requires Twilio, ElevenLabs, and Anthropic credentials and a network tunnel. However the registry metadata claims no required environment variables or config paths while the SKILL.md clearly expects many secrets and local files (MEMORY.md, USER.md, .env, contacts.json). That mismatch is notable.
Instruction Scope
SKILL.md instructs the agent/operator to load and inject local sensitive files (MEMORY.md, USER.md, recent transcripts) into prompts, to store voice PINs and other secrets in .env, and to transmit conversation data to external services (ElevenLabs, Anthropic, Twilio). It also suggests optional live data (calendar, weather) via external CLIs/APIs. These actions read and transmit sensitive local data not declared in the skill metadata and could leak private information if misconfigured.
Install Mechanism
This is instruction-only (no install spec or code), which reduces direct install risk. The doc recommends installing cloudflared or using ngrok (standard tooling) via brew/ngrok; that is expected for exposing a local bridge but increases exposure. Because there's no provided code to review, the bridge implementation is unspecified — you must supply or review that code yourself.
Credentials
Although the registry lists no required env vars, the instructions require multiple high-privilege secrets (ElevenLabs API key/xi-api-key, Twilio Account SID/Auth Token, Anthropic API key, a bridge auth token, possibly calendar API tokens). Requesting all of these is reasonable for the feature set, but the skill under-declares them and gives no guidance on least-privilege, token scoping, or secure storage. Storing PINs and tokens in plaintext .env files is explicitly suggested, which is risky.
Persistence & Privilege
The skill does not request 'always' privilege, which is good, but it instructs you to run a permanent Cloudflare tunnel or ngrok exposing a local server to the internet. That materially increases attack surface and persistence of external access to your machine and any files the bridge can read. The bridge will handle credentials and transcripts, so run it in an isolated environment and ensure proper access controls.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install phone-voice - 安装完成后,直接呼叫该 Skill 的名称或使用
/phone-voice触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
**Major upgrade with new features and security enhancements.**
- Adds caller ID authentication and voice PIN security.
- Introduces call screening, configurable whitelist, and rate limiting.
- Full memory injection from files and recent transcripts before each call.
- Tracks costs per call and logs detailed breakdowns.
- Supports permanent (Cloudflare) or temporary (ngrok) tunnels.
- Hands-off OpenClaw chat completions—bridge now connects directly to Anthropic Claude.
元数据
常见问题
Phone Voice Integration 是什么?
Connect ElevenLabs Agents to your OpenClaw via phone with Twilio. Includes caller ID auth, voice PIN security, call screening, memory injection, and cost tracking. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2764 次。
如何安装 Phone Voice Integration?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install phone-voice」即可一键安装,无需额外配置。
Phone Voice Integration 是免费的吗?
是的,Phone Voice Integration 完全免费(开源免费),可自由下载、安装和使用。
Phone Voice Integration 支持哪些平台?
Phone Voice Integration 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Phone Voice Integration?
由 Roaming(@cortexuvula)开发并维护,当前版本 v2.0.0。
推荐 Skills