Is callrail safe?

https://clawhub.ai/byungkyu/callrail

82
SAFE

The callrail skill is a straightforward API integration for CallRail call tracking via the Maton OAuth gateway. It contains no executable code, no install scripts, no malicious patterns, and passed all canary integrity checks. The primary risk is architectural: all API traffic is proxied through Maton's gateway (gateway.maton.ai), requiring users to trust this third party with their CallRail data including customer PII and call recordings. A minor concern is the cross-skill referral to the api-gateway skill which could expand the agent's attack surface.

Category Scores

Prompt Injection 78/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 72/100 · 5%

Findings (7)

MEDIUM API key sent to third-party gateway -15

All API requests route through gateway.maton.ai and ctrl.maton.ai rather than directly to api.callrail.com. The user's MATON_API_KEY is sent as a Bearer token to these third-party endpoints. While this is the documented OAuth proxy pattern, it means the Maton gateway has access to all CallRail data the user queries.

MEDIUM OAuth proxy trust model requires trusting Maton -18

This skill routes all CallRail API traffic through Maton's gateway. If Maton's gateway were compromised, an attacker could intercept all CallRail data including customer PII, phone numbers, and call recordings.

LOW Cross-skill referral to api-gateway -10

The skill description references another skill with a direct URL, which could encourage the agent to install additional skills not explicitly requested by the user.

LOW Executable code blocks in documentation -7

The SKILL.md contains numerous Python and JavaScript code snippets that the agent may execute. While standard for API documentation, this establishes a pattern of running skill-provided code.

LOW PII accessible through normal API usage -5

The skill provides access to customer phone numbers, names, call recordings, and notes through standard API calls.

INFO All canary files intact 0

No honeypot files were accessed or modified during skill installation.

INFO Clean network profile during installation 0

No network connections were detected during the skill installation. No firewall blocks occurred.