Twilio Account SID
Part of Security, which counts for 30% of the overall score. When this check fires it deducts 8 points from that category, once per scan, no matter how many places it turns up.
What it detects
A Twilio Account SID (AC + 32 hex) was found. The SID alone is an identifier, but it is almost always committed next to the auth token, so treat both as exposed.
Why it matters
A Twilio Account SID by itself is an identifier, not a secret, but it is almost always committed next to the auth token, which is a full credential. Treat a committed SID as a strong hint that the auth token is nearby and exposed. The auth token can send messages and make calls billed to your account.
How to fix it
Search the surrounding code for the Twilio auth token and move both into environment variables. Read them at runtime. Rotate the auth token in the Twilio console if it was exposed, and consider using API keys instead of the primary auth token.
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo