twilio-debugging-observability
Facilitates debugging Twilio integrations and sets up observability for production environments, enhancing error tracking and resolution.
Security score
The twilio-debugging-observability skill was audited on May 26, 2026 and we found 54 security issues across 4 threat categories, including 3 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 50 | console.log(`${a.dateCreated}: [${a.errorCode}] ${a.alertText}`); |
Template literal with variable interpolation in command context
| 149 | `https://${req.headers.host}${req.originalUrl}`, |
Template literal with variable interpolation in command context
| 156 | console.log(`[${req.body.Level}] Error ${error_code} on ${resource_sid}: ${msg}`); |
Template literal with variable interpolation in command context
| 195 | console.log(`${alert.dateCreated} [${alert.errorCode}]`); |
Template literal with variable interpolation in command context
| 197 | console.log(` Request URL: ${detail.requestUrl}`); |
Template literal with variable interpolation in command context
| 198 | console.log(` Response body: ${detail.responseBody}`); |
Template literal with variable interpolation in command context
| 371 | console.log(`Status: ${message.status}, Error: ${message.errorCode}`); |
Template literal with variable interpolation in command context
| 374 | console.log(`Status: ${call.status}, Duration: ${call.duration}`); |
Curl to non-GitHub URL
| 315 | | Error 11200 in Debugger | Webhook URL returned non-200 / unreachable | Verify endpoint is live: `curl -I https://yourapp.com/sms` | |
Curl to non-GitHub URL
| 316 | | Error 11205 | HTTP connection failure (port closed, refused, firewall) | Verify server is running and port is open: `curl -I https://yourapp.com/sms` | |
Curl to non-GitHub URL
| 325 | curl -X POST https://yourapp.com/sms \ |
Webhook reference - potential data exfiltration
| 72 | 4. Check the Console Debugger for webhook/TwiML errors |
Webhook reference - potential data exfiltration
| 75 | 5. Check your webhook endpoint |
Webhook reference - potential data exfiltration
| 90 | **Rule of thumb:** If status callbacks show `delivered` but the user says they didn't receive it, the issue is on the carrier/device side (not Twilio). If the Console Debugger shows no errors at all, |
Webhook reference - potential data exfiltration
| 99 | - The full HTTP request and response for the associated webhook |
Webhook reference - potential data exfiltration
| 101 | **Configure a Debugger webhook** for real-time alerting: |
Webhook reference - potential data exfiltration
| 105 | Debugger webhook POST parameters: |
Webhook reference - potential data exfiltration
| 113 | | `Payload` | JSON: `resource_sid`, `error_code`, `more_info`, `webhook` (full request/response) | |
Webhook reference - potential data exfiltration
| 115 | **Python (Flask) -- debugger webhook handler** |
Webhook reference - potential data exfiltration
| 138 | **Node.js (Express) -- debugger webhook handler** |
Webhook reference - potential data exfiltration
| 220 | - Audit who changed a phone number's webhook URL |
Webhook reference - potential data exfiltration
| 229 | **Python -- set up error log streaming to a webhook** |
Webhook reference - potential data exfiltration
| 236 | # Step 1: Create a webhook sink |
Webhook reference - potential data exfiltration
| 242 | "SinkType": "webhook", |
Webhook reference - potential data exfiltration
| 261 | **Sink types:** `webhook`, `kinesis`, `segment` |
Webhook reference - potential data exfiltration
| 307 | ### 7. Debugging Webhooks |
Webhook reference - potential data exfiltration
| 309 | When Twilio can't reach your webhook or receives an error, the problem is often in your infrastructure. |
Webhook reference - potential data exfiltration
| 315 | | Error 11200 in Debugger | Webhook URL returned non-200 / unreachable | Verify endpoint is live: `curl -I https://yourapp.com/sms` | |
Webhook reference - potential data exfiltration
| 319 | | Webhook works locally but not deployed | Tunnel expired or firewall | Use `curl` from an external host to test | |
Webhook reference - potential data exfiltration
| 322 | **Test webhooks manually:** |
Webhook reference - potential data exfiltration
| 324 | # Simulate an inbound SMS webhook |
Webhook reference - potential data exfiltration
| 332 | **Browser testing:** Visit your webhook URL in Firefox -- it highlights XML errors in the response. |
Webhook reference - potential data exfiltration
| 338 | | 11200 | HTTP retrieval failure | Twilio cannot reach your webhook URL | Check URL, DNS, firewall, SSL cert | |
Webhook reference - potential data exfiltration
| 339 | | 11205 | HTTP connection failure | Webhook endpoint refused connection | Verify server is running and port is open | |
Webhook reference - potential data exfiltration
| 398 | | Webhook errors | Debugger webhook or Event Streams (`com.twilio.error-logs.error.logged`) | Any error | |
Webhook reference - potential data exfiltration
| 401 | | Webhook response time | Your APM (DataDog, New Relic) | p95 > 5 seconds | |
Webhook reference - potential data exfiltration
| 421 | - **Webhook architecture:** `twilio-webhook-architecture` |
Webhook reference - potential data exfiltration
| 422 | - **Scale webhook handling:** `twilio-reliability-patterns` |
Ngrok tunnel reference
| 320 | | Intermittent failures | ngrok session expired / recycled | Deploy to a stable host for anything beyond quick tests | |
Access to .env file
| 46 | const client = twilio(process.env.TWILIO_ACCOUNT_SID, process.env.TWILIO_AUTH_TOKEN); |
Access to .env file
| 147 | process.env.TWILIO_AUTH_TOKEN, |
External URL reference
| 94 | The [Console Debugger](https://console.twilio.com/us1/monitor/logs/debugger) shows errors and warnings for your account in real time. |
External URL reference
| 149 | `https://${req.headers.host}${req.originalUrl}`, |
External URL reference
| 238 | "https://events.twilio.com/v1/Sinks", |
External URL reference
| 243 | "SinkConfiguration": '{"destination": "https://yourapp.com/twilio-errors", "method": "POST"}' |
External URL reference
| 249 | "https://events.twilio.com/v1/Subscriptions", |
External URL reference
| 281 | status_callback="https://yourapp.com/msg-status" |
External URL reference
| 289 | url="https://yourapp.com/voice", |
External URL reference
| 290 | status_callback="https://yourapp.com/call-status", |
External URL reference
| 300 | recording_status_callback="https://yourapp.com/recording-status", |
External URL reference
| 315 | | Error 11200 in Debugger | Webhook URL returned non-200 / unreachable | Verify endpoint is live: `curl -I https://yourapp.com/sms` | |
External URL reference
| 316 | | Error 11205 | HTTP connection failure (port closed, refused, firewall) | Verify server is running and port is open: `curl -I https://yourapp.com/sms` | |
External URL reference
| 325 | curl -X POST https://yourapp.com/sms \ |
External URL reference
| 351 | Full error reference: https://www.twilio.com/docs/api/errors |