ClawHub

GOWA - WhatsApp Automation

Security checks across malware telemetry and agentic risk

Overview

This is legitimate WhatsApp automation documentation, but it gives an agent broad control over a linked WhatsApp account without enough safety boundaries.

Install only if you intentionally want an agent to operate your WhatsApp account through a local REST server. Keep it bound to localhost, enable Basic Auth if available, run it only on a trusted machine, and require explicit confirmation before sending messages, using @everyone or ghost mentions, reading/exporting chats or contacts, deleting/editing messages, removing devices, logging out, or changing group membership/admin settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill openly documents actions that can send messages, upload media, modify groups, revoke messages, and log out the WhatsApp session, but it does not warn that these operations change external account state and may expose private data. In an agent context, missing safety guidance increases the chance of unintended high-impact actions being performed without explicit user confirmation.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill advertises a ghost-mention feature that can notify all group members while hiding the visible @ mention, which is inherently disruptive and can be abused for spam, harassment, or covert mass notification. The absence of any warning, rate limiting guidance, or consent requirement makes misuse more likely in automation scenarios.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation exposes numerous destructive and privacy-impacting capabilities such as deleting devices, exporting group participants, modifying group membership, changing account profile data, and downloading message media without any safety guidance, authorization expectations, or user-consent warnings. In an agent skill context, this increases the chance that an automation layer will invoke sensitive actions on behalf of a user without adequate confirmation or guardrails, especially because the same document also notes that authentication is not required by default.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- `GET /devices` - List all registered devices
- `POST /devices` - Add new device
- `GET /devices/:device_id` - Get device info
- `DELETE /devices/:device_id` - Remove device
- `GET /devices/:device_id/login` - Login with QR code
- `POST /devices/:device_id/login/code` - Login with pairing code
- `POST /devices/:device_id/logout` - Logout device
Confidence
83% confidence
Finding
DELETE /devices/:device_id`

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal