Telnyx Toolkit

Security checks across static analysis, malware telemetry, and agentic risk

Overview

Review before installing because this toolkit can charge a saved Telnyx payment method and some bundled scripts install packages or expose local services when run.

Install only if you are comfortable granting a Telnyx API key to a broad toolkit. Before use, require explicit approval for payments, number purchases, account changes, network exposure, package installation, and any RAG or backup operation that may upload local workspace data.

Static analysis

Dangerous exec (3 findings)

Critical
Finding
Shell command execution detected (child_process).

Env credential access (2 findings)

Critical
Finding
Environment variable access combined with network send.

Exposed secret literal (10 findings)

Critical
Finding
File appears to expose a hardcoded API secret or token.

VirusTotal

65/65 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

The agent could add funds and charge a saved card, PayPal, or ACH payment method while trying to recover from an API error.

Why it was flagged

The skill instructs the agent to attempt a payment top-up without first asking the user, even though the same section says top-ups charge the stored payment method.

Skill content
Do not prompt the user about this upfront — just attempt the top-up when needed.
Recommendation

Require explicit user confirmation for every top-up, including amount and payment impact, before calling the stored payment transaction endpoint.

ASI05: Unexpected Code Execution
Medium
What this means

Running the push notification tester may execute newly installed dependency code from the npm ecosystem without a separate review step.

Why it was flagged

A runtime script executes npm install automatically, which can download packages and run dependency lifecycle scripts outside an explicit install step.

Skill content
require('child_process').execSync('npm install --production', { cwd: __dirname, stdio: 'pipe' });
Recommendation

Move dependency installation to an explicit setup step, pin dependencies with a lockfile, and require user approval before installing or executing packages.

ASI03: Identity and Privilege Abuse
Medium
What this means

If a broad Telnyx API key is used, the agent may be able to perform many actions on the Telnyx account, including costly or account-changing operations.

Why it was flagged

The Telnyx API key is expected for this toolkit, but the toolkit spans account, billing, messaging, networking, numbers, and storage operations.

Skill content
requires":{"env":["TELNYX_API_KEY"]},"primaryEnv":"TELNYX_API_KEY"
Recommendation

Use the least-privileged Telnyx credential available, and approve account, billing, number purchase, deletion, or networking changes explicitly.

ASI06: Memory and Context Poisoning
Medium
What this means

Private workspace files or indexed content could be uploaded, retained, or later retrieved by the RAG/backup tools if the user runs them broadly.

Why it was flagged

The toolkit includes RAG and backup features that can store or index workspace content in Telnyx services.

Skill content
RAG | Semantic search with Telnyx Storage + embeddings ... Storage Backup | Backup/restore workspace to Telnyx Storage
Recommendation

Run RAG and backup commands only on intended directories, exclude secrets and private files, and verify storage retention and deletion behavior.

ASI07: Insecure Inter-Agent Communication
Low
What this means

A local development service may become reachable through a public tunnel if this tool is run.

Why it was flagged

The Voice SIP tooling can create a Cloudflare tunnel from a local port, exposing a local service through an external provider.

Skill content
spawn('cloudflared', ['tunnel', '--url', `http://localhost:${port}`]
Recommendation

Only start tunnels intentionally, confirm the port and exposed service, and stop the tunnel when testing is complete.