Twilio

Security checks across malware telemetry and agentic risk

Overview

This Twilio skill is not malicious, but it can send messages, place or alter calls, delete messages, and proxy authenticated Twilio API requests without clear confirmation guardrails.

Install only if you are comfortable giving Membrane delegated access to your Twilio account. Use the least-privileged Twilio/Membrane connection available, prefer listed read actions where possible, and require a clear manual confirmation before sending messages, placing or modifying calls, deleting messages, or using raw proxy requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The manifest and description frame the skill as generic account/data management, but the documented actions include high-impact operations such as creating calls, updating live calls, sending messages, and deleting messages. This capability mismatch can cause the agent or user to invoke the skill without understanding that it can perform externally impactful and destructive actions.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
Although presented as a Twilio integration skill, it also exposes a generic proxy request mechanism that can reach arbitrary Twilio API endpoints through the authenticated connection. This broadens the effective capability surface beyond the documented actions, enabling unreviewed operations and making policy enforcement and safe action selection harder.

Vague Triggers

Medium
Confidence: 84%
Finding
The invocation description 'Use when the user wants to interact with Twilio data' is overly broad and does not distinguish between safe read operations and high-impact write actions like sending messages or placing calls. Overbroad routing criteria increase the chance the skill is selected for requests where the user did not intend to authorize communications or destructive changes.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill advertises destructive and externally impactful actions such as creating calls, sending messages, updating live calls, and deleting messages without requiring warnings, confirmation, or operator review. In a communications context, accidental or unauthorized execution can immediately affect third parties, incur charges, disrupt service, or remove evidence.

VirusTotal

63/63 vendors flagged this skill as clean.
