Back to skill

Security audit

Agentic Calling

Security checks across malware telemetry and agentic risk

Overview

This Twilio phone and SMS skill is mostly transparent, but it gives an agent broad real-world calling, texting, and recording power without enough built-in safeguards.

Install only if you intentionally want an agent to use your Twilio account for real calls and SMS. Before enabling it, add human approval, recipient allowlists, usage/spend limits, logging, consent rules for recording/transcription, restrictive permissions for any credential file, and avoid passing untrusted message text until the TwiML/Python encoding bug is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly promotes autonomous phone calls and SMS, but it does not warn users about consent requirements, privacy considerations, abuse potential, or billing exposure. In a telephony skill, omission of these guardrails can lead to unauthorized outreach, harassment, regulatory violations, and unexpected charges, especially when used by autonomous agents at scale.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly promotes call recording and transcription but does not warn about consent, legal restrictions, or the privacy implications of capturing third-party communications. In many jurisdictions, recording or transcribing calls without proper notice or consent can create legal, compliance, and privacy harm, especially because agents may use these features autonomously at scale.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill enables autonomous outbound calling and SMS to arbitrary phone numbers but does not include warnings about third-party impact, consent, abuse prevention, or regulatory constraints such as anti-spam and telemarketing rules. This is dangerous because an agent can contact external parties directly, creating harassment, fraud, billing, and reputational risks if misused or misconfigured.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script enables call recording for appointment reminder calls by passing '--record true', but the visible message played to recipients contains no disclosure that the call may be recorded. Recording individuals without clear notice can create privacy, consent, and regulatory compliance risks, especially in healthcare-adjacent appointment contexts where personal information is involved.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The manifest explicitly advertises autonomous phone calling and SMS capabilities, which can trigger real-world communications, transmit user data to Twilio, and incur account charges without any warning, consent language, or guardrails in the skill metadata. In this context, the omission is security-relevant because telephony actions have immediate external impact and can be abused for spam, privacy violations, or unexpected billing if invoked by an agent without clear user acknowledgment.

Session Persistence

Medium
Category
Rogue Agent
Content
2. **Configure Twilio Credentials:**

Create `~/.clawdbot/twilio-config.json`:
```json
{
  "accountSid": "YOUR_ACCOUNT_SID",
Confidence
83% confidence
Finding
Create `~/.clawdbot

Session Persistence

Medium
Category
Rogue Agent
Content
### 1. Configure Credentials

Create a file at `~/.clawdbot/twilio-config.json`:

```json
{
Confidence
90% confidence
Finding
Create a file at `~/.clawdbot

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.