pp-twilio
Facilitates advanced Twilio analytics and messaging capabilities, enabling users to manage and analyze communication data effectively.
Install this skill
or
74/100
Security score
The pp-twilio skill was audited on Jun 10, 2026 and we found 6 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 93
Webhook reference - potential data exfiltration
SourceSKILL.md
| 93 | - **`webhook-audit`** — Group your IncomingPhoneNumbers by their Voice/SMS webhook URL to find single-use URLs that may be orphans pointing at deleted endpoints. Add --probe for a live HEAD check. |
medium line 95
Webhook reference - potential data exfiltration
SourceSKILL.md
| 95 | _Orphan webhooks silently fail incoming calls and SMS. Quarterly audit is cheap insurance against silent dropped traffic._ |
low line 98
Webhook reference - potential data exfiltration
SourceSKILL.md
| 98 | twilio-pp-cli webhook-audit --probe --json |
medium line 504
Webhook reference - potential data exfiltration
SourceSKILL.md
| 504 | | `webhook:<url>` | POST the output body to the URL (`application/json` or `application/x-ndjson` when `--compact`) | |
medium line 506
Webhook reference - potential data exfiltration
SourceSKILL.md
| 506 | Unknown schemes are refused with a structured error naming the supported set. Webhook failures return non-zero and log the URL + HTTP status on stderr. |
medium line 492
Access to hidden dotfiles in home directory
SourceSKILL.md
| 492 | Entries are stored locally at `~/.twilio-pp-cli/feedback.jsonl`. They are never POSTed unless `TWILIO_FEEDBACK_ENDPOINT` is set AND either `--send` is passed or `TWILIO_FEEDBACK_AUTO_SEND=true`. Defau |
Scanned on Jun 10, 2026
View Security DashboardGitHub Stars 1.3K
Rate this skill
Categorysales
UpdatedJune 10, 2026
claudeclaude-codefrontendexceldocxgitapidatabasetestingmobilebackendcustomer-success-managergrowth-marketermarketing-analystsdrsales-operationstwiliosalesmarketing
mvanhorn/printing-press-library