Twilio

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a disclosed Twilio API guide using Maton's OAuth proxy; it needs sensitive account access and can perform communications actions, but the artifacts present those capabilities as expected and user-approved.

Install this only if you intend to let the agent access your Twilio account through Maton. Keep the MATON_API_KEY private, choose the correct connection when multiple accounts exist, and manually review every SMS, call, phone-number, or account-changing action before approving it.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Approved actions could send messages, place calls, or change Twilio resources, which may contact people or incur costs.

Why it was flagged

The skill can perform externally visible or account-changing Twilio actions, but it discloses that write operations need explicit user approval.

Skill content

Send SMS messages, make voice calls, manage phone numbers... **All write operations require explicit user approval.**

Recommendation

Before approving any write action, verify the target account, recipient numbers, message/call content, and expected cost or account impact.

What this means

Anyone or any agent using this key may be able to access the connected Twilio resources permitted by the Maton connection.

Why it was flagged

The skill requires a bearer API key that authorizes access to the connected Twilio account through Maton.

Skill content

All requests require the Maton API key in the Authorization header: `Authorization: Bearer $MATON_API_KEY`

Recommendation

Store the MATON_API_KEY securely, use the least-privileged/appropriate Twilio connection, and revoke unused connections.

What this means

Twilio request and response data, potentially including phone numbers, message metadata, and message bodies, may pass through Maton's service.

Why it was flagged

The documented data path sends Twilio API requests through a third-party Maton proxy, which is disclosed and purpose-aligned but important for users to understand.

Skill content

Maton proxies requests to `api.twilio.com` and automatically injects your OAuth token.

Recommendation

Use this skill only if you trust Maton as the OAuth/API proxy for your Twilio account, and avoid sending unnecessary sensitive content.