llc-phone 安全扫描报告 — 可信 | ClawSafe

5 /100

llc-phone

Low-latency inbound and outbound AI phone calls via OpenAI Realtime API and Twilio

Legitimate AI phone agent skill with no malicious indicators — all functionality is clearly documented and matches the implementation.

技能名称llc-phone

分析耗时31.6s

引擎pi

✓

可以安装

No action needed. This is a production-ready voice agent skill.

安全发现 1 项

严重性	安全发现	位置
低危	Unpinned dependency versions package.json uses ^ version ranges (e.g., ^4.21.2, ^8.18.0) instead of exact pinned versions. While standard practice, this allows minor/patch updates silently. `"express": "^4.21.2"` → Consider pinning to exact versions (e.g., "4.21.2") for reproducible builds. Not a security issue per se, but best practice for production skills.	`package.json:21`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`READ`	✓ 一致	readFileSync(twimlPath) only for static TwiML template
网络访问	`READ/WRITE`	`READ`	✓ 一致	Twilio API, OpenAI WebSocket, ClickSend SMS, CalDAV calendar — all documented an…
命令执行	`NONE`	`NONE`	—	No subprocess or child_process usage found
环境变量	`NONE`	`READ`	✓ 一致	Only reads env vars for config (OPENAI_API_KEY, TWILIO_, CLICKSEND_, CALDAV_*)…
技能调用	`NONE`	`NONE`	—	No skill self-invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`READ`	✓ 一致	CalDAV calendar via HTTP REPORT/PUT — documented as appointment booking feature

5 项发现

🔗

中危外部 URL 外部 URL

https://platform.openai.com/docs/changelog

docs/08-known-issues.md:130

🔗

中危外部 URL 外部 URL

https://community.openai.com

docs/08-known-issues.md:131

🔗

中危外部 URL 外部 URL

https://your-caldav-server.example.com

src/functionHandlers.ts:7

🔗

中危外部 URL 外部 URL

https://rest.clicksend.com/v3/sms/send

src/functionHandlers.ts:397

🔗

中危外部 URL 外部 URL

https://api.twilio.com/2010-04-01/Accounts/$

src/functionHandlers.ts:424

目录结构

19 文件 · 124.4 KB · 3676 行

TypeScript 5f · 1968L Markdown 11f · 1643L JSON 2f · 57L XML 1f · 8L

├─ ▾ 📁 docs

│ ├─ 📝 01-overview.md Markdown 44L · 1.9 KB

│ ├─ 📝 02-session-config.md Markdown 177L · 5.0 KB

│ ├─ 📝 03-prewarm-outbound.md Markdown 237L · 7.4 KB

│ ├─ 📝 04-inbound-modes.md Markdown 274L · 9.1 KB

│ ├─ 📝 05-async-tools.md Markdown 146L · 5.1 KB

│ ├─ 📝 06-latency-tuning.md Markdown 103L · 3.5 KB

│ ├─ 📝 07-twilio-integration.md Markdown 114L · 3.5 KB

│ ├─ 📝 08-known-issues.md Markdown 132L · 3.8 KB

│ └─ 📝 09-openclaw-config.md Markdown 140L · 4.3 KB

├─ ▾ 📁 src

│ ├─ 📜 functionHandlers.ts TypeScript 564L · 19.3 KB

│ ├─ 📜 server.ts TypeScript 397L · 14.6 KB

│ ├─ 📜 sessionManager.ts TypeScript 929L · 32.8 KB

│ ├─ 📄 twiml.xml XML 8L · 187 B

│ ├─ 📜 types.ts TypeScript 31L · 614 B

│ └─ 📜 webhook.ts TypeScript 47L · 1.3 KB

├─ 📋 package.json JSON 39L · 974 B

├─ 📝 README.md Markdown 176L · 5.6 KB

├─ 📝 SKILL.md Markdown 100L · 4.9 KB

└─ 📋 tsconfig.json JSON 18L · 419 B

依赖分析 5 项

包名	版本	来源	已知漏洞	备注
`express`	`^4.21.2`	npm	否	Unpinned minor version
`ws`	`^8.18.0`	npm	否	Unpinned minor version
`dotenv`	`^16.4.5`	npm	否	Unpinned minor version
`cors`	`^2.8.5`	npm	否	Unpinned minor version
`typescript`	`^5.5.4`	npm	否	Dev dependency, unpinned

安全亮点

✓ No subprocess/child_process usage — pure Node.js application

✓ No eval(), no base64 decode-into-shell, no dynamic code execution

✓ No credential harvesting — only reads env vars for legitimate service authentication

✓ No sensitive local path access (~/.ssh, ~/.aws, .env files)

✓ No curl|bash or wget|sh remote script execution

✓ SKILL.md documentation accurately describes all implemented functionality

✓ All external API calls (Twilio, OpenAI, ClickSend, CalDAV) are declared and necessary for the voice agent feature

✓ WebSocket/Webhook exfiltration only occurs to user-configured TRANSCRIPT_WEBHOOK_URL (opt-in, disabled by default)

✓ No hidden functionality in HTML comments or disguised code

✓ TypeScript source is clean and readable — no obfuscation

✓ Uses standard, well-audited dependencies (express, ws, cors)