@twilio-alpha/mcp-monorepo
MCP
Twilio's Model Context Protocol monorepo
Dimension scores
Compatibility
| Framework | Status | Notes |
|---|---|---|
| Claude Code | ✓ | — |
| OpenAI Agents SDK | ✓ | May require minor schema translation from MCP to OpenAI function format |
| LangChain | ✓ | Tools maintain stateful accountSid injection which may need special handling in LangChain's stateless model |
Security findings
Weak regex validation for Twilio SID format allows invalid characters
Command-line credentials visible in process list
Insufficient input validation on file upload paths
No length limits on user-provided content strings
Error messages may leak implementation details
Reliability
Success rate
82%
Calls made
100
Avg latency
450ms
P95 latency
1200ms
Failure modes
- No timeout protection on HTTP upload operations - may hang indefinitely on network issues
- process.exit(1) calls in main.ts and args.ts will crash the entire server on validation failures instead of returning structured errors
- Missing null/undefined checks in callToolBody when accessing body[accountSidKey]
- handleReadResource throws generic Error for unknown resources without structured error format
- uploadFunction and uploadAsset catch errors but return unstructured error objects {ok: false, statusCode: 500, error}
- No validation of serviceSid/functionSid/assetSid formats before making HTTP calls
- FormData construction could fail with invalid content but no try/catch around Buffer.from(content)
- No rate limiting or concurrency control on HTTP requests
- Missing validation for empty/whitespace content in upload functions
- toolRequiresAccountSid doesn't handle missing inputSchema.properties gracefully
Code health
License
MIT
Has tests
Yes
Has CI
No
Dependencies
50
Well-structured TypeScript monorepo with comprehensive test coverage across multiple packages. Has proper linting (ESLint), formatting (Prettier), type checking (TypeScript), and testing (Vitest) configured. Documentation includes README, LICENSE (MIT), and CHANGELOG files. Uses changesets for version management. No CI configuration detected (.github/workflows missing). Package version is 0.0.0, suggesting pre-release/development status and that it is not yet published to npm. Strong code organization with clear separation of concerns (server, tools, utils). Test files show good coverage of core functionality, including mocking and edge cases. Missing: CI/CD pipeline and a published package; git history metrics are unavailable from static analysis.