Suggested workflow for authentication via Twitter

Should I change them urgently with new keys specific for my account?

The dev keys are only meant to be used for development purposes. Before you launch your site and let any production users go onto it, you should definitely already have proper keys of your own in place.

Especially since your users probably don’t want to read a weird application name “Auth0 example” on the consent screen 🙂

But also: you don’t have any control of the Twitter app that’s registered by Auth0 and got the dev keys. And you probably want to be in full control of that Twitter app.

Regarding the email address: why do you need that email address of the user? The only reason would be that you want to send the users emails, otherwise there’s not really a need, right? So, let’s assume that’s the case (that you want to send out emails).

Twitter provides the option to sign up with a phone number or an email address. If signing up with an email address, or adding an email address afterwards, Twitter always requires a verification code (otherwise it doesn’t let you sign up or change the email address in the profile settings). So, you can be sure that the email on Twitter’s side is verified (if you get one back from Twitter, since an email address afaik isn’t required). Therefore I’d say an additional verification on your end isn’t necessary. You can set it to email_verified=true within a Rule then, calling the Management API.

2 Likes
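The Rule-based approach from the answer above, as an added example that is not code from the thread or from Auth0: the decision of when to trust Twitter's verification is factored out, and the Management API client is injected so the Rule can be exercised against a constructed client. Assumptions: the built-in `auth0` object in a Rule is a node-auth0 ManagementClient whose `users.update({ id }, data)` call is available with update:users scope, and Auth0 populates `context.connectionStrategy` with "twitter" for the Twitter connection.

```javascript
// Added example, not from the original thread or from Auth0.
// Assumed: the Rule's `auth0` object is a node-auth0 ManagementClient with
// users.update({ id }, data) and update:users scope; context.connectionStrategy
// is "twitter" for logins through the Twitter connection.

// Pure decision: only trust Twitter's own verification, only when an email was
// actually returned (Twitter may return none), and skip users already flagged.
function shouldMarkEmailVerified(user, context) {
  if (!context || context.connectionStrategy !== 'twitter') return false;
  if (typeof user.email !== 'string' || user.email.length === 0) return false;
  return user.email_verified !== true;
}

// Rule body. `mgmt` is injected so the logic runs without Auth0; inside a real
// Rule you would use the built-in `auth0` object in its place.
function markTwitterEmailVerified(user, context, callback, mgmt) {
  if (!shouldMarkEmailVerified(user, context)) return callback(null, user, context);
  mgmt.users.update({ id: user.user_id }, { email_verified: true })
    .then(() => {
      user.email_verified = true; // reflect the change in the in-flight profile/tokens
      callback(null, user, context);
    })
    .catch(err => callback(err)); // fail closed: no tokens if the update failed
}

// Constructed stand-in for the Management client that records every patch.
function makeFakeManagementClient(failWith) {
  const calls = [];
  const update = (params, data) => {
    calls.push({ params, data });
    return failWith ? Promise.reject(failWith) : Promise.resolve();
  };
  return { calls, users: { update } };
}

// Run the Rule against constructed input; resolves with the callback's outcome.
function applyRule(user, context, failWith) {
  const mgmt = makeFakeManagementClient(failWith);
  return new Promise(resolve => {
    markTwitterEmailVerified(user, context,
      (err, u, c) => resolve({ err, user: u, context: c, calls: mgmt.calls }), mgmt);
  });
}

// Constructed sample login: Twitter user whose email came back unverified.
const sampleUser = { user_id: 'twitter|123', email: 'alice@example.com', email_verified: false };
const sampleContext = { connectionStrategy: 'twitter', connection: 'twitter' };
```

Logins through other connections, or Twitter logins without an email, pass through untouched, and a failed Management API call surfaces as a Rule error rather than silently issuing tokens with the wrong claim.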