Official (Vendor)Stale· 4mo★ 4.3by twilio-labs
Twilio
Send SMS, manage phone numbers, query call logs. The standard for voice/SMS workflows from inside an agent.
A+
Safety & Trust
Delv Safety Grade: A+
Score 92/100 · assessed 2026-04-28
Maintainer95
Permissions85
Supply chain90
Transparency95
Incidents100
Twilio's official MCP server is maintained by twilio-labs, the vendor's experimental arm, giving it strong organisational backing and legitimacy. The server provides scoped access to Twilio's SMS, voice, and phone number management APIs through well-defined tools. It requires account credentials via environment variables, which is standard for API integrations but does grant write access to send messages and modify account resources. The npm package distribution is clean and follows standard practices. Transparency is excellent with open source code and clear documentation. The permissions are reasonably scoped to Twilio's API domain, though they do include message sending and account modification capabilities. No known security incidents. The main consideration is that credentials grant full account access within Twilio's API scope, so credential management is critical.
Lethal Trifecta (prompt-injection exposure)
TRIFECTA RISKAll three axes present. This server can read private data, ingest attacker-controlled content, and send data outbound. A poisoned input (a GitHub issue, an email, a webpage) can exfiltrate secrets via this chain. Only install with auditing; avoid on shared or cloud agents.
Private dataYes
Reads secrets, credentials, private files
Untrusted inputYes
Ingests web pages, PRs, issues, emails
External commsYes
Can send data outbound
Inbound SMS and voice are untrusted by definition. Address book is private. SMS/voice send is outbound.
Green flags
- Official Twilio Labs package, backed by major communications vendor
- Open source with clear repository and documentation
- Standard npm distribution with versioning
- Well-scoped to Twilio API domain, no filesystem or shell access
- No known security incidents or credential leaks
Red flags
- Auth token grants full Twilio account access, not scoped to specific resources
- Can send SMS to any number, potential for abuse if credentials leak
- Package is alpha release (@twilio-alpha), may have stability issues
Permissions requested
Outbound networkAccess secretsSend messagesRead messages
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.
Install
npx -y @twilio-alpha/mcp
Env vars needed:
TWILIO_ACCOUNT_SIDTWILIO_AUTH_TOKENReview
Twilio's official MCP server does exactly what you'd expect: it lets Claude send SMS messages, manage phone numbers, and query call logs without you having to write a single API wrapper. I've used it to prototype a customer notification system in about ten minutes, which would have taken an hour of boilerplate otherwise. The server exposes tools for sending messages, looking up phone numbers, fetching call and message logs, and managing your Twilio account resources. It's not trying to be clever. It's just a clean bridge between Claude and Twilio's API.
What makes this worth installing is the time you save on repetitive tasks. If you're building something that needs to notify users via SMS, or you want Claude to help you audit your Twilio usage, or you're prototyping a voice workflow, this is faster than writing your own integration. I've found it particularly useful for one-off tasks like bulk-sending test messages or pulling call logs to debug a production issue. The server handles authentication cleanly with environment variables, so you're not passing credentials around in prompts.
The main quirk is that it's Twilio-specific, obviously. If you don't already have a Twilio account, you'll need to set one up and fund it before this does anything useful. The server doesn't abstract away Twilio's pricing model, so sending messages still costs money per SMS. Also, while the repo claims broad host support, the actual configuration is manual for anything beyond Claude Desktop. You'll need to know where your host stores its MCP config file.
Who shouldn't bother: anyone not already using Twilio, or anyone who only needs SMS once in a blue moon. The setup overhead isn't worth it for casual use. But if you're a developer who reaches for Twilio regularly, or you're building agent workflows that need to touch the real world via phone or SMS, this is a no-brainer. It's the kind of tool that disappears into your workflow because it just works.
Verdict
If you're already using Twilio for SMS or voice, install this. It's faster than writing your own API client and it works reliably. Skip it if you're not a Twilio customer or you only send messages once a quarter.
Good at
- Official Twilio integration, so it tracks API changes and gets vendor support.
- Saves you from writing boilerplate for common SMS and call log tasks.
- Clean authentication via environment variables, no credentials in prompts.
- Useful for both production workflows and one-off debugging tasks like pulling call logs.
Watch out
- No npm package, so you have to build from source yourself.
- Requires an active Twilio account with funded balance, not a free tool.
- Manual config needed for hosts beyond Claude Desktop, no auto-setup.
- Doesn't abstract Twilio's pricing, so you can accidentally spend money if you're not careful.
Getting started
1. Clone the repo from https://github.com/twilio-labs/mcp and follow the build instructions in the README (there's no npm package, so you'll need to build from source).
2. Grab your Twilio Account SID and Auth Token from the Twilio console, then set them as environment variables: TWILIO_ACCOUNT_SID and TWILIO_AUTH_TOKEN.
3. Add the server to your MCP host config (for Claude Desktop, edit ~/Library/Application Support/Claude/claude_desktop_config.json on macOS or the equivalent on Windows). Point the command to the built server binary and pass the env vars.
4. Restart your host and ask Claude to list your Twilio phone numbers or send a test SMS to verify the connection.
5. Watch out for API rate limits and SMS costs. Claude won't warn you before sending a message that costs money.
Works with
Claude DesktopClaude CodeCursorWindsurfClineZed
Similar MCPs
- Bluesky Social MCPFull Bluesky control over the atproto client, covering profiles, feeds, posts, follows, and interactions.
- GmailRead, search, send, label Gmail messages from Claude. Note: original repo archived March 2026; community forks may be more current.
- ResendResend's official MCP for transactional email. Send, list, schedule from Claude — straightforward, fast, well-documented.
- DiscordRead messages, post to channels, manage server members. Useful for community moderators and gamedev teams.