telnyx-voice-sip

clawhub:telnyx-voice-sip

View source

85/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

85/100

HIGH 1

LOW 1

Findings (2)

HIGH

Private data read with code execution TOXIC_002

toxic-flow L86

Skill can read private data AND execute arbitrary code. This combination enables credential theft via dynamic code.

[reads_private_data] cat > .env + [executes_code] exec(

FIX

Add input validation between the user-controlled data source and the security-sensitive sink (e.g., file writes, command execution). Implement allowlisting for acceptable input patterns.

FP?

Likely FP if the user input passes through explicit validation or sanitization before reaching the sensitive operation, and the taint tracker missed the sanitization step.

LOW

Runtime URL controlling behavior THIRDPARTY_001

third-party-content L62

Detects URLs fetched at runtime that control or influence agent behavior without pinning

Get from: https:// + setting

FIX

Avoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.

FP?

Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.