TelCall Twilio

Advisory: audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

A crafted or untrusted alert message could change the call's instructions, make the call fail on malformed TwiML, or incur extra account charges, instead of simply being read aloud.

Why it was flagged

The message argument is inserted directly into Twilio's TwiML XML without escaping. If the message contains XML/TwiML markup, it can break the intended spoken-message behavior or alter the call instructions; even an ordinary ampersand or angle bracket in the text yields malformed XML.

Skill content
MESSAGE="$1"
TWIML="<Response><Say language=\"en-US\" voice=\"alice\">Emergency notification: ${MESSAGE}</Say></Response>"
Recommendation

Escape the XML special characters (&, <, >, ", ') before placing the message inside TwiML, or use a Twilio workflow that treats the message strictly as text. Consider requiring confirmation before placing paid calls.
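The following is an added example, not code from the TelCall Twilio skill: it builds the same <Say> TwiML twice, once with the skill's verbatim interpolation and once with XML escaping applied first, and feeds both a constructed alert message that closes the Say verb and injects a Dial verb (the phone number is a hypothetical 555 number).

```shell
#!/bin/sh
# Added example, not code from the TelCall Twilio skill: builds the <Say> TwiML
# with and without escaping so the effect of a crafted message is visible.

# Escape the five XML special characters. '&' must be handled first so the
# entities produced by the later substitutions are not escaped again.
xml_escape() {
    printf '%s' "$1" | sed \
        -e 's/&/\&amp;/g' \
        -e 's/</\&lt;/g' \
        -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' \
        -e "s/'/\&apos;/g"
}

# The skill's pattern: the message is interpolated into the markup verbatim.
build_twiml_unsafe() {
    printf '<Response><Say language="en-US" voice="alice">Emergency notification: %s</Say></Response>' "$1"
}

# Hardened form: escape first, so the message can only ever be spoken text.
build_twiml_safe() {
    printf '<Response><Say language="en-US" voice="alice">Emergency notification: %s</Say></Response>' "$(xml_escape "$1")"
}

# Constructed attacker-controlled alert text (hypothetical number). It closes the
# <Say> verb and inserts a <Dial> verb, which Twilio would act on if sent as-is.
CRAFTED='disk full</Say><Dial>+15555550100</Dial><Say>'

echo "unsafe: $(build_twiml_unsafe "$CRAFTED")"
echo "safe:   $(build_twiml_safe "$CRAFTED")"
```

The unsafe output contains a live Dial verb; the safe output carries the same characters as entities inside the Say text, so the worst a hostile message can do is be read aloud. Escaping with sed rather than bash parameter substitution keeps the function POSIX and sidesteps the bash 5.2 behaviour where an unquoted `&` in a `${var//pat/rep}` replacement expands to the matched text.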

What this means

Anyone, or any process, running under the same user account with access to this local config file could use the Twilio credentials to place calls or call the Twilio account API.

Why it was flagged

The setup script collects and stores a Twilio Auth Token locally so the skill can place calls through the user's Twilio account.

Skill content
read -p "Auth Token: " auth_token
cat > "$CONFIG_FILE" << EOF
{
    "account_sid": "$account_sid",
    "auth_token": "$auth_token"
Recommendation

Use a minimally privileged Twilio token if possible, restrict the config file's permissions (mode 0600) and protect the OpenClaw workspace, rotate the token if it may have been exposed, and read the token with echo disabled (read -s in bash) so it does not appear on the terminal or in scrollback.
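The following is an added example, not the skill's setup script: it writes the same two-field JSON config, but creates the file owner-readable only, escapes the values so a token containing a quote or backslash cannot corrupt the JSON, and reads the token with echo turned off. The config path is a hypothetical default chosen for this demonstration; the prompt uses stty so it works in plain sh, where bash's read -s is the shorter equivalent.

```shell
#!/bin/sh
# Added example, not the skill's setup script: store the Twilio credentials
# without echoing the token and without leaving the file readable by others.

# Hypothetical location used for this demonstration only.
CONFIG_FILE="${CONFIG_FILE:-./telcall-demo-config.json}"

# Escape the two characters that would break a JSON string literal.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Create the file owner-readable only. umask 077 covers the creation case; the
# chmod afterwards covers a pre-existing file that was created more loosely.
write_config() {
    sid="$1"; token="$2"; path="$3"
    (
        umask 077
        printf '{\n    "account_sid": "%s",\n    "auth_token": "%s"\n}\n' \
            "$(json_escape "$sid")" "$(json_escape "$token")" > "$path"
    )
    chmod 600 "$path"
}

# Succeeds only when the file's mode is exactly 0600.
config_is_private() {
    [ -n "$(find "$1" -prune -perm 600 2>/dev/null)" ]
}

# Interactive setup: the SID is not secret, the token is read with echo off so it
# does not appear on screen or in terminal scrollback (bash: read -rs).
prompt_and_write() {
    printf 'Account SID: '
    read -r account_sid
    printf 'Auth Token: '
    stty -echo
    read -r auth_token
    stty echo
    printf '\n'
    write_config "$account_sid" "$auth_token" "$CONFIG_FILE"
    config_is_private "$CONFIG_FILE" && echo "Saved to $CONFIG_FILE (mode 0600)"
}
```

Call prompt_and_write from a terminal to run the interactive flow; write_config and config_is_private can be used on their own, for example to re-check the file's mode at skill start-up before the token is loaded.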

What this means

Users have less external provenance information for deciding whether to trust the skill author and future updates.

Why it was flagged

The registry metadata does not provide a source repository or homepage for provenance verification, although the supplied artifacts include the full scripts.

Skill content
Source: unknown
Homepage: none
Recommendation

Review the included scripts before use and prefer installing from a skill with a verifiable source repository or trusted publisher history.