← 返回 Skills 市场
Sip Voice Call Control
作者
teamtelnyx
· GitHub ↗
· v1.0.0
1329
总下载
1
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install telnyx-voice-sip
功能描述
Voice interface using Telnyx Call Control API. Answer phone calls with AI, function calling, and natural conversation. Use for hands-free assistant access, phone-based reminders, or voice-controlled tools. Requires Node.js and Telnyx API key.
安全使用建议
This skill is plausible for Telnyx voice handling, but it does a few surprising things you should evaluate before installing:
- Review the code yourself (src/tunnel.ts and src/dev.ts). It will attempt to start a cloudflared tunnel and create/update Telnyx Call Control Applications using your TELNYX_API_KEY — that will publish a webhook URL and may create SIP subdomains in your Telnyx account.
- The skill reads workspace files (IDENTITY.md, USER.md) and also tries to read ~/.openclaw/openclaw.json and ~/.clawdbot/clawdbot.json to obtain a gateway URL and token. If you have other agent/CLI tools installed, this could allow the skill to use existing gateway credentials. If those files contain tokens for other services, consider running the skill in an isolated environment (container/VM) or remove/rotate those tokens first.
- The code spawns local CLIs and arbitrary child processes to implement tools (send_message, reminders). Only run it on machines where you trust installed command-line tools; do not run on machines with sensitive credentials/configs.
- The metadata omitted cloudflared and local CLI requirements. Ensure cloudflared is installed if you expect automatic tunneling, or disable the tunnel and provide a manually configured publicly reachable webhook.
- Least-privilege advice: give the TELNYX_API_KEY only the minimum permissions needed (voice/call-control), and avoid running on hosts that contain other service tokens. Prefer testing in an isolated environment first and inspect logs and network traffic (or audit code) before deploying to production.
功能分析
Type: OpenClaw Skill
Name: telnyx-voice-sip
Version: 1.0.0
The skill is classified as suspicious due to several vulnerabilities that could be exploited for unauthorized actions. Specifically, the `addReminder` function in `src/dev.ts` constructs a shell command using user-provided input (`time` parameter) without sufficient sanitization, posing a shell injection risk. Additionally, the `sendMessage` function in `src/dev.ts` forwards user-controlled content as a prompt to a local gateway agent, creating a prompt injection vector against that agent. Finally, the `loadPersonalization` function in `src/dev.ts` incorporates content from `IDENTITY.md` and `USER.md` directly into the voice LLM's system prompt, presenting a prompt injection risk if these files are compromised.
能力评估
Purpose & Capability
Name/description (Telnyx SIP voice control) mostly align with the code: it uses the Telnyx API, implements webhook handlers, STT/TTS, and function-calling tools. However, the code also expects/uses local gateway tooling and may run local CLI commands (openclaw/clawdbot/moltbook) and will attempt to start a cloudflared tunnel — binaries/configs not declared in the skill metadata (cloudflared and local CLIs). These extras are plausible for cross-channel messaging and 'auto-setup' but are not proportional to what's declared in required bins/envs.
Instruction Scope
SKILL.md tells agents to run persistent servers (nohup), start the service, and expects the agent to run shell commands. The runtime code reads workspace files (IDENTITY.md, USER.md) which the doc mentions, but it also reads user home config files (~/.openclaw/openclaw.json and ~/.clawdbot/clawdbot.json) to extract a gateway URL/token — this is not declared under required config paths. The code will execute local CLIs and child processes to perform tools (send_message, add_reminder, etc.), which grants the skill the ability to run arbitrary commands via the host CLI stack; the SKILL.md does not clearly warn about reading home-configs or executing arbitrary local tooling.
Install Mechanism
There is no formal install spec (instruction-only install via npm). package.json lists reasonable dependencies (express, telnyx, openai). The tunnel manager spawns the cloudflared binary but cloudflared is not listed among required binaries in metadata or SKILL.md; that mismatch means the code may fail or silently try to start a binary that isn’t present. No remote downloads or obscure URLs are used in the included files.
Credentials
Declared required env is a single TELNYX_API_KEY (appropriate). But the code also reads/uses other environment values and local config files (WORKSPACE_DIR, HOME, ~/.openclaw/openclaw.json, ~/.clawdbot/clawdbot.json) to obtain gateway URL and gateway auth token — effectively reading unrelated credentials from the host. That access is not disclosed in the metadata (required config paths = none) and expands the blast radius beyond Telnyx.
Persistence & Privilege
The skill requires persistent background execution (SKILL.md instructs using nohup or a process manager) and will open an inbound webhook by creating a public tunnel and updating/creating Telnyx Call Control Applications (using the provided TELNYX_API_KEY). While always:false and autonomous invocation are normal, the combination of persistent network exposure (cloudflared tunnel), ability to create/modify Telnyx apps, and potential access to gateway tokens and local CLIs elevates privilege and risk — especially if run on a machine with sensitive local configs or credentials.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install telnyx-voice-sip - 安装完成后,直接呼叫该 Skill 的名称或使用
/telnyx-voice-sip触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release — adds SIP voice call control with Telnyx integration.
- Enable hands-free voice assistant via Telnyx SIP calls.
- Supports natural conversation, function calling, and tool execution.
- Easy agent setup with step-by-step configuration and persistent server management.
- Multiple voices and language models configurable via environment variables.
- Features barge-in, personalization, and automatic Cloudflare tunnel setup.
- Includes troubleshooting section and tool listing for user reference.
元数据
常见问题
Sip Voice Call Control 是什么?
Voice interface using Telnyx Call Control API. Answer phone calls with AI, function calling, and natural conversation. Use for hands-free assistant access, phone-based reminders, or voice-controlled tools. Requires Node.js and Telnyx API key. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1329 次。
如何安装 Sip Voice Call Control?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install telnyx-voice-sip」即可一键安装,无需额外配置。
Sip Voice Call Control 是免费的吗?
是的,Sip Voice Call Control 完全免费(开源免费),可自由下载、安装和使用。
Sip Voice Call Control 支持哪些平台?
Sip Voice Call Control 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Sip Voice Call Control?
由 teamtelnyx(@teamtelnyx)开发并维护,当前版本 v1.0.0。
推荐 Skills