TelCall Twilio

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it claims, but it can place real Twilio calls immediately and stores a long-lived Twilio token locally with limited safeguards.

Install only if you are comfortable giving this skill authority to place real Twilio phone calls that may incur charges. Before using it, add or enforce a confirmation step for every call, protect or rotate the stored Auth Token, avoid entering the token where terminal input may be recorded, and XML-escape message text before building TwiML.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares no permissions while explicitly instructing the agent to run shell scripts, which hides its true execution capabilities from any permission or review layer. That increases the chance of unexpected command execution and reduces informed user consent, especially because the shell scripts will handle sensitive Twilio credentials and place real outbound calls.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad conversational requests such as 'Call me' and 'Emergency call,' which can be matched in benign discussion or ambiguous contexts. In this skill, unintended invocation is more dangerous because activation can initiate real phone calls, contact recipients, and incur charges through Twilio.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill description explains convenience features but does not prominently warn that it will place real phone calls, contact actual recipients, and may generate telephony charges. For a calling skill, missing this warning undermines informed consent and makes accidental or socially engineered misuse more likely.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script reads the Twilio Auth Token with a normal `read -p`, so the secret will be echoed on the terminal and may be visible to anyone observing the screen or captured in terminal recordings/logging setups. Because this skill is specifically for emergency calling, exposure of the token could let an attacker place calls or abuse the Twilio account, causing financial and operational impact.

VirusTotal

60/60 vendors flagged this skill as clean.
