twilio
Integrates Twilio API for SMS, voice, and WhatsApp messaging, enabling seamless communication and verification processes.
Install this skill
or
0/100
Security score
The twilio skill was audited on May 16, 2026 and we found 47 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 23
Curl to non-GitHub URL
SourceSKILL.md
| 23 | curl -s "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" | jq '{sid, friendly_name, status, type}' |
medium line 31
Curl to non-GitHub URL
SourceSKILL.md
| 31 | curl -s -X POST "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "To=+14155552671" --data-urlencode "From=+14 |
medium line 39
Curl to non-GitHub URL
SourceSKILL.md
| 39 | curl -s -X POST "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "To=whatsapp:+14155552671" --data-urlencode |
medium line 47
Curl to non-GitHub URL
SourceSKILL.md
| 47 | curl -s -X POST "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "To=+14155552671" --data-urlencode "From=+14 |
medium line 53
Curl to non-GitHub URL
SourceSKILL.md
| 53 | curl -s "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages.json?PageSize=20" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" | jq '.messages[] | {sid, from, to, status, body, date_se |
medium line 59
Curl to non-GitHub URL
SourceSKILL.md
| 59 | curl -s -G "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "To=+14155552671" --data-urlencode "DateSent>=202 |
medium line 67
Curl to non-GitHub URL
SourceSKILL.md
| 67 | curl -s "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages/<message-sid>.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" |
medium line 75
Curl to non-GitHub URL
SourceSKILL.md
| 75 | curl -s -X POST "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Calls.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "To=+14155552671" --data-urlencode "From=+14155 |
medium line 81
Curl to non-GitHub URL
SourceSKILL.md
| 81 | curl -s "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Calls.json?PageSize=20" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" | jq '.calls[] | {sid, from, to, status, duration, start_tim |
medium line 87
Curl to non-GitHub URL
SourceSKILL.md
| 87 | curl -s "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/IncomingPhoneNumbers.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" | jq '.incoming_phone_numbers[] | {sid, phone_number, fri |
medium line 95
Curl to non-GitHub URL
SourceSKILL.md
| 95 | curl -s "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/AvailablePhoneNumbers/US/Local.json?SmsEnabled=true&MmsEnabled=true&PageSize=10" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" | j |
medium line 103
Curl to non-GitHub URL
SourceSKILL.md
| 103 | curl -s "https://lookups.twilio.com/v2/PhoneNumbers/<phone-number>?Fields=line_type_intelligence" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" |
medium line 109
Curl to non-GitHub URL
SourceSKILL.md
| 109 | curl -s -X POST "https://verify.twilio.com/v2/Services" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "FriendlyName=vm0 OTP" |
medium line 119
Curl to non-GitHub URL
SourceSKILL.md
| 119 | curl -s -X POST "https://verify.twilio.com/v2/Services/<verify-service-sid>/Verifications" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "To=+14155552671" --data-urlencode "Channel=sms" |
medium line 125
Curl to non-GitHub URL
SourceSKILL.md
| 125 | curl -s -X POST "https://verify.twilio.com/v2/Services/<verify-service-sid>/VerificationCheck" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "To=+14155552671" --data-urlencode "Code=123 |
medium line 136
Curl to non-GitHub URL
SourceSKILL.md
| 136 | curl -s -X POST "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "To=+14155552671" --data-urlencode "From=+14 |
medium line 139
Curl to non-GitHub URL
SourceSKILL.md
| 139 | curl -s "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages/<message-sid>.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" | jq '{status, error_code, error_message}' |
medium line 147
Curl to non-GitHub URL
SourceSKILL.md
| 147 | curl -s -X POST "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/IncomingPhoneNumbers.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "PhoneNumber=<phone-number>" |
medium line 156
Webhook reference - potential data exfiltration
SourceSKILL.md
| 156 | 5. SMS status flows through `queued → sending → sent → delivered` (or `failed` / `undelivered`). Use webhook callbacks or poll the message resource — there's no list-of-deliveries stream. |
medium line 170
Webhook reference - potential data exfiltration
SourceSKILL.md
| 170 | - Status callbacks: https://www.twilio.com/docs/usage/webhooks |
low line 8
External URL reference
SourceSKILL.md
| 8 | If requests fail, run `zero doctor check-connector --env-name TWILIO_ACCOUNT_SID` or `zero doctor check-connector --url https://api.twilio.com/2010-04-01/Accounts.json --method GET` |
low line 14
External URL reference
SourceSKILL.md
| 14 | Base URL: `https://api.twilio.com/2010-04-01` (core REST API). Product subdomains for newer services: `verify.twilio.com`, `messaging.twilio.com`, `lookups.twilio.com`, `serverless.twilio.com`, `studi |
low line 23
External URL reference
SourceSKILL.md
| 23 | curl -s "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" | jq '{sid, friendly_name, status, type}' |
low line 31
External URL reference
SourceSKILL.md
| 31 | curl -s -X POST "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "To=+14155552671" --data-urlencode "From=+14 |
low line 39
External URL reference
SourceSKILL.md
| 39 | curl -s -X POST "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "To=whatsapp:+14155552671" --data-urlencode |
low line 47
External URL reference
SourceSKILL.md
| 47 | curl -s -X POST "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "To=+14155552671" --data-urlencode "From=+14 |
low line 53
External URL reference
SourceSKILL.md
| 53 | curl -s "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages.json?PageSize=20" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" | jq '.messages[] | {sid, from, to, status, body, date_se |
low line 59
External URL reference
SourceSKILL.md
| 59 | curl -s -G "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "To=+14155552671" --data-urlencode "DateSent>=202 |
low line 67
External URL reference
SourceSKILL.md
| 67 | curl -s "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages/<message-sid>.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" |
low line 75
External URL reference
SourceSKILL.md
| 75 | curl -s -X POST "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Calls.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "To=+14155552671" --data-urlencode "From=+14155 |
low line 81
External URL reference
SourceSKILL.md
| 81 | curl -s "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Calls.json?PageSize=20" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" | jq '.calls[] | {sid, from, to, status, duration, start_tim |
low line 87
External URL reference
SourceSKILL.md
| 87 | curl -s "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/IncomingPhoneNumbers.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" | jq '.incoming_phone_numbers[] | {sid, phone_number, fri |
low line 95
External URL reference
SourceSKILL.md
| 95 | curl -s "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/AvailablePhoneNumbers/US/Local.json?SmsEnabled=true&MmsEnabled=true&PageSize=10" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" | j |
low line 103
External URL reference
SourceSKILL.md
| 103 | curl -s "https://lookups.twilio.com/v2/PhoneNumbers/<phone-number>?Fields=line_type_intelligence" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" |
low line 109
External URL reference
SourceSKILL.md
| 109 | curl -s -X POST "https://verify.twilio.com/v2/Services" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "FriendlyName=vm0 OTP" |
low line 119
External URL reference
SourceSKILL.md
| 119 | curl -s -X POST "https://verify.twilio.com/v2/Services/<verify-service-sid>/Verifications" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "To=+14155552671" --data-urlencode "Channel=sms" |
low line 125
External URL reference
SourceSKILL.md
| 125 | curl -s -X POST "https://verify.twilio.com/v2/Services/<verify-service-sid>/VerificationCheck" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "To=+14155552671" --data-urlencode "Code=123 |
low line 136
External URL reference
SourceSKILL.md
| 136 | curl -s -X POST "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "To=+14155552671" --data-urlencode "From=+14 |
low line 139
External URL reference
SourceSKILL.md
| 139 | curl -s "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages/<message-sid>.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" | jq '{status, error_code, error_message}' |
low line 147
External URL reference
SourceSKILL.md
| 147 | curl -s -X POST "https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/IncomingPhoneNumbers.json" -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" --data-urlencode "PhoneNumber=<phone-number>" |
low line 164
External URL reference
SourceSKILL.md
| 164 | - REST API overview: https://www.twilio.com/docs/iam/api |
low line 165
External URL reference
SourceSKILL.md
| 165 | - Messages (SMS / MMS / WhatsApp): https://www.twilio.com/docs/messaging/api/message-resource |
low line 166
External URL reference
SourceSKILL.md
| 166 | - Calls (Voice): https://www.twilio.com/docs/voice/api/call-resource |
low line 167
External URL reference
SourceSKILL.md
| 167 | - Phone Numbers: https://www.twilio.com/docs/phone-numbers/api/incomingphonenumber-resource |
low line 168
External URL reference
SourceSKILL.md
| 168 | - Lookups v2: https://www.twilio.com/docs/lookup/v2-api |
low line 169
External URL reference
SourceSKILL.md
| 169 | - Verify v2: https://www.twilio.com/docs/verify/api |
low line 170
External URL reference
SourceSKILL.md
| 170 | - Status callbacks: https://www.twilio.com/docs/usage/webhooks |
Scanned on May 16, 2026
View Security DashboardGitHub Stars 60
Rate this skill
Categorysales
UpdatedMay 20, 2026
openclawapicustomer-success-managersales-engineergrowth-marketersdrtechnical-supporttwiliosalesmarketingsupport
vm0-ai/vm0-skills