ClawHub

Telnyx

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Telnyx/Membrane integration, but it grants broad telecom account powers without enough built-in scoping or confirmation guidance.

Install only if you intend to let an agent operate your Telnyx account through Membrane. Use the narrowest Telnyx/Membrane permissions available, and require explicit confirmation before purchases or number orders, deleting or porting numbers, changing payment/API-key/MFA settings, sending SMS or faxes, placing or hanging up calls, starting recordings, running verification flows, or accessing recordings and lookup data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill is presented as a Telnyx-specific integration, but the instructions explicitly direct the agent to use generic Membrane capabilities that can create connectors for arbitrary apps and send proxied requests to arbitrary API endpoints. That scope expansion can let the skill operate well beyond the declared trust boundary, increasing the risk of unauthorized data access or unintended actions against non-Telnyx services.

Description-Behavior Mismatch

Low
Confidence
82% confidence
Finding
The manifest and top-level description describe a relatively narrow Telnyx integration, but the body documents a much broader set of Telnyx resources and operations, including destructive and sensitive account actions. Understating capability can mislead orchestrators and users about the level of access being delegated, which weakens informed consent and safe tool selection.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation phrase 'Use when the user wants to interact with Telnyx data' is overly broad and does not distinguish read-only lookups from high-impact operations like sending messages, placing calls, deleting numbers, or accessing recordings. Broad triggering language makes accidental invocation more likely in contexts where the user did not intend to authorize sensitive Telnyx actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises actions such as deleting phone numbers, sending messages and faxes, initiating calls, and accessing recordings, but it does not warn about financial cost, privacy exposure, or destructive side effects. In a telecom context, omission of these warnings is significant because actions can affect live communications, regulated data, and billable resources.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal