ClawAudit verdict
clawcall
clawcall-phone
The skill receives phone calls and communicates with a telephony service. While it seems legitimate, the network_in capability could potentially be used for malicious purposes.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (7)
HTTP request to bare IP address — common in malicious payloads
references/setup.md · code · http://127.0.0.1
References child_process — can spawn system processes
bridge/phone-agent-server.js · prose · downgraded · child_process
Uses spawn() — can execute external programs
bridge/phone-agent-server.js · prose · downgraded · spawn(
Node http/https module — low-level network access
bridge/phone-agent-server.js · prose · downgraded · require("http")
References agent memory files
bridge/phone-context.js · prose · downgraded · MEMORY.md
Accesses sensitive environment variables
listener/clawcall-listener.js · prose · downgraded · process.env.CLAWCALL_API_KEY
References webhook/callback URL
references/setup.md · prose · downgraded · webhook_url
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
Requires 2 environment variables. (1 sensitive: CLAWCALL_API_KEY). Requires 2 system binaries.
network_in Is this flag fair?
Thanks — recorded.