Telnyx
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: telnyx-integration Version: 1.0.4 The SKILL.md file contains an extreme amount of repetitive text (hundreds of lines of 'Call Screening Rule Destination Settings'), which is a common technique for context-window stuffing or attempting to bypass LLM filters. Furthermore, the instructions direct the agent to perform a global installation of an external package (npm install -g @membranehq/cli), which is a high-risk operation. While these actions are framed as part of the 'Membrane' platform integration, the anomalous content and high-privilege requirements are significant red flags.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used too broadly, the agent could make costly or sensitive Telnyx account changes, such as ordering numbers or affecting account/payment/security settings.
These Telnyx resources can involve purchases, billing, account security, or account-level changes, but the provided artifact does not show clear approval gates or bounded workflows for such high-impact actions.
Telnyx Overview ... **Number Order** ... **Porting Order** ... **Payment Method** ... **API Key** ... **MFA Settings** ... **Balance**
Only use this skill for explicit Telnyx tasks, and require manual confirmation before purchases, porting, payment changes, API key changes, MFA changes, or other account-security actions.
Users may not realize what account authority or credentials the skill needs before enabling it.
The registry declarations say no credential is required, while the capability signals indicate OAuth or sensitive credentials are needed, creating an unclear credential boundary for a privileged Telnyx integration.
Required env vars: none; Primary credential: none ... Capability signals: requires-oauth-token, requires-sensitive-credentials
Clarify the credential flow and requested Telnyx scopes before installation; prefer least-privilege tokens and revoke access if the skill is no longer needed.