GOWA - WhatsApp Automation
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill is coherent for WhatsApp automation, but it gives an agent broad control over a linked WhatsApp account without clear confirmation or access-boundary guardrails.
Review this carefully before installing. If you use it, enable Basic Auth, keep GOWA bound to trusted localhost only, require manual confirmation before any send/delete/group/admin/profile action, avoid hidden @everyone mentions unless explicitly intended, and log out or remove the linked device when automation is no longer needed.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could accidentally or over-broadly change group membership/admin status or delete/edit WhatsApp content if a task is misunderstood.
The skill exposes high-impact WhatsApp mutation endpoints, including group moderation/admin changes and message revocation, but the artifacts do not require explicit confirmation or constrain targets before use.
Remove Participant: POST /group/participants/remove ... Promote to Admin: POST /group/participants/promote ... Revoke/Delete Message: POST /message/{message_id}/revoke
Add strict user-confirmation rules for every send, delete/edit, profile, and group-management action; show the target, content, and irreversible effects before executing.
A linked WhatsApp account could be used to send messages, manage groups, or read account data through an unauthenticated local API.
The documented API can control a linked WhatsApp account, but authentication is optional and off by default, so any local process or agent with access to the endpoint may be able to act through the account.
Authentication - No authentication required by default - Optional Basic Auth (if GOWA started with `--basic-auth=user:password`)
Run GOWA only on trusted localhost, enable Basic Auth, restrict local access, and link only accounts you are comfortable automating.
Private WhatsApp conversations and contact/group data may be exposed to the agent during use.
The skill can retrieve private contacts, chat lists, chat messages, and group participant exports into the agent context. This is aligned with WhatsApp automation but sensitive.
GET /user/my/contacts - List contacts ... GET /chats - Get chat list ... GET /chat/:chat_jid/messages - Get chat messages ... GET /group/participants/export - Export participants (CSV)
Ask for only the specific chat or contact data needed, avoid broad exports, and review any retrieved content before reusing or sharing it.
The agent could generate high-notification group messages that are not transparent to recipients and may be perceived as spammy or deceptive.
The skill explicitly supports hidden mention-all notifications, which can affect many recipients without a visible @everyone marker in the message text.
Ghost Mention (mention all without showing @ in text) ... Use `"@everyone"` to mention all group members ... Members get notification but no @ shown in message text
Use ghost mentions only with explicit user approval and clear intent; consider requiring visible disclosure in the message text for group-wide notifications.
Installing the wrong or tampered binary would give that binary access to the local environment and the linked WhatsApp session.
The setup relies on the user manually downloading and running an external binary. This is expected for the integration, but the skill does not provide checksum, signature, or pinned-version verification guidance.
Go to the releases page ... download the zip matching your OS and architecture ... Run REST Server: `./gowa rest`
Download only from the official project release page, verify releases where possible, and keep the binary updated from a trusted source.
