Back to skill

Security audit

Twilio

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Twilio API integration, but it grants broad access to sensitive Twilio account data and actions, so users should review requests carefully.

Install only if you trust Maton to proxy access to your Twilio account. Keep MATON_API_KEY private, avoid commands that print the key, choose the intended Twilio connection when multiple accounts exist, and explicitly review any action that sends messages, places calls, changes webhooks, deletes resources, or reads communications history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The manifest frames the skill as focused on SMS, voice, phone numbers, and communications, but the document exposes broader Twilio account capabilities such as Applications, Queues, Addresses, and Usage Records. This mismatch can mislead users and downstream policy systems about the true privilege scope, increasing the chance of overbroad or unexpected actions.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
Application management goes beyond the stated purpose and introduces the ability to reconfigure voice/SMS webhooks and application behavior inside the Twilio account. In the context of an agent skill, undocumented admin capabilities raise the risk of users authorizing actions they do not realize include service reconfiguration.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
Address management is outside the communications-focused description and may expose or alter regulated business identity/contact information tied to the Twilio account. Hidden expansion into account-administrative data increases privacy and compliance risk because users may not expect the skill to handle physical address records.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill supports listing messages, calls, phone numbers, and usage data, which can reveal sensitive communications metadata and potentially message contents, yet the skill description lacks a clear privacy warning. In a communications integration, omission of that warning makes accidental exposure of personal or business data more likely.

VirusTotal

44/44 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.