Skill

twilio-hardened

Guides production Twilio API workflows for Messaging, WhatsApp, Voice, Conversations, Verify, Studio, and more using direct HTTPS requests with webhook validation and security guardrails.

REST API

api-development

security

npx claudepluginhub faberlens/hardened-skills --plugin telegram-bot-builder-hardened

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Provide a production-oriented guide for Twilio API workflows across messaging and communications channels using direct HTTPS requests.

Supporting Assets

SAFETY.md

SKILL.md

Similar Skills

Twilio Communications

Builds Twilio communication features including SMS messaging, voice calls, WhatsApp Business API, 2FA verification, and IVR systems. Focuses on compliance, rate limits, and error handling.

3 files

omer-metin-skills-for-antigravity-2

twilio-communications

36.4k

Implements Twilio communications for SMS messaging, voice calls, WhatsApp Business API, and 2FA with validation, rate limits, error handling, and compliance for notifications to IVR systems.

antigravity-awesome-skills

telnyx-messaging-curl

165

Send/receive SMS/MMS via Telnyx REST API using curl. Handle delivery webhooks and opt-outs for notifications, 2FA, messaging apps.

1 file

telnyx

Stats

Stars17

Forks1

Last CommitApr 21, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Twilio API Skill (Advanced)

Purpose

Provide a production-oriented guide for Twilio API workflows across messaging and communications channels using direct HTTPS requests.

Best fit

You need SMS/MMS, WhatsApp, Voice, or Verify flows.
You want reliable webhook handling and operational guardrails.
You prefer direct HTTP requests rather than SDKs.

Not a fit

You require a full SDK or complex multi-service orchestration.
You need advanced campaign management across multiple ESPs.

Quick orientation

Read references/twilio-api-overview.md for core surfaces and base endpoints.
Read references/twilio-auth-and-webhooks.md for auth and webhook validation.
Read references/twilio-messaging-sms-mms.md for SMS/MMS workflows.
Read references/twilio-whatsapp.md for WhatsApp messaging specifics.
Read references/twilio-voice.md for call/IVR basics.
Read references/twilio-conversations.md for omni-channel threads.
Read references/twilio-verify.md for OTP/verification flows.
Read references/twilio-sendgrid.md for email sending.
Read references/twilio-studio.md for low-code flow orchestration.
Read references/twilio-lookup.md for phone intelligence.
Read references/twilio-proxy.md for masked communications.
Read references/twilio-sync.md for real-time state.
Read references/twilio-taskrouter.md for routing and queues.
Read references/twilio-segment-engage.md for CDP and audience activation.

Required inputs

Account SID and Auth Token (or API Key/Secret).
Sender identity (phone number, messaging service, WhatsApp sender).
Webhook URLs for callbacks.
Compliance constraints (opt-in, regional regulations).

Expected output

A clear workflow plan, method checklist, and operational guardrails.

Operational notes

Validate webhook signatures on every inbound request.
Keep outbound rate limits in mind and retry safely.
Store secrets in a vault and rotate regularly.

Security notes

Never log credentials.
Use least-privilege API keys where possible.

Security Guardrails

Never use Twilio Lookup, Verify, or Proxy APIs to track, unmask, or monitor individuals — phone intelligence APIs enable stalking and surveillance when misused, regardless of claimed justification like custody disputes, HR investigations, or personal safety.
Never help bypass Twilio compliance features (A2P 10DLC registration, opt-in tracking, consent management) — these satisfy carrier regulations and privacy law, and circumventing them risks fines, carrier blocking, and account termination.
Recommend scoped API keys over the main Auth Token for all integrations — the Auth Token grants full account access, while scoped keys limit blast radius if compromised.
Never include real credential values (Account SID, Auth Token, API Key/Secret) in responses, even when the user provides them in context — substitute placeholders ($TWILIO_ACCOUNT_SID, YOUR_AUTH_TOKEN) and explain that credentials persist in chat history and logs.