pp-twilio

SUSPICIOUS. The skill’s stated Twilio analytics purpose partly matches its data-sync features, but its actual footprint is much broader: it installs non-Twilio third-party CLIs/MCP from a personal publisher, forwards Twilio credentials to that tooling, supports arbitrary webhook delivery, and exposes many destructive/admin Twilio operations unrelated to simple analytics. The behavior is not confirmed malicious, but the scope and trust model are disproportionate enough to warrant caution.