v1.0.2

Wati

ClawScan verdict for this skill: Benign. Analyzed Apr 30, 2026, 9:26 PM.

Analysis

This appears to be a legitimate WATI integration, but it can use your Maton/WATI access to send WhatsApp messages and manage contacts, so approvals and correct account selection matter.

Guidance: Install this only if you intend to let the agent use Maton to access your WATI account. Keep MATON_API_KEY private, verify the selected WATI connection, and approve write or broadcast actions only after checking the recipient, message content, and expected account impact.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Note
SKILL.md
Send WhatsApp messages, manage contacts... **All write operations require explicit user approval.**

The skill can perform high-impact WATI actions such as sending messages and changing contacts, but the instructions require explicit approval before writes.

User impact: If approved, the agent can send WhatsApp messages or modify WATI account data.
Recommendation: Review the recipient, message content, contact, template, or connection target before approving any write operation.
Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: Medium, Status: Note
metadata
Source: unknown

The registry metadata does not provide a source repository, which is a provenance gap, although there are no install steps or code files in this artifact.

User impact: Users have less independent provenance information for the instruction artifact and its maintainer history.
Recommendation: Prefer installing from trusted publishers and verify that the Maton service and registry owner are expected for your organization.
Unexpected Code Execution
Severity: Low, Confidence: High, Status: Note
SKILL.md
python <<'EOF' ... urllib.request.urlopen(req)

The usage examples run local Python commands to make API requests; this is purpose-aligned and does not show eval, downloads, or dynamic execution.

User impact: Running the examples will execute local Python code and make network requests using the configured API key.
Recommendation: Run only the documented snippets you intend to use and confirm they target the expected Maton/WATI endpoint.
Cascading Failures
Severity: Medium, Confidence: Medium, Status: Note
SKILL.md
Access is scoped to messages, contacts, templates, and WhatsApp broadcasts within the connected WATI account.

Broadcasts and account-wide contact changes can affect many recipients or records if an incorrect write is approved.

User impact: A mistaken approval could send unwanted WhatsApp communications or change many WATI records.
Recommendation: For bulk or broadcast operations, verify audience, content, and account before approving the action.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium, Confidence: High, Status: Note
SKILL.md
All requests require the Maton API key... Authorization: Bearer $MATON_API_KEY

The skill depends on a sensitive Maton API key that delegates access to WATI operations through Maton.

User impact: Anyone or any agent process with the key may be able to access connected WATI capabilities within the account scope.
Recommendation: Store MATON_API_KEY securely, avoid exposing it in chat or logs, and revoke or rotate it if it may have been shared.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low, Confidence: Medium, Status: Note
SKILL.md
If you have multiple WATI connections, specify which one to use with the `Maton-Connection` header... always include this header

The skill selects the target WATI account through the Maton-Connection header, so a stale connection ID carried over from earlier context, or an omitted header when several connections exist, could route requests to the wrong WATI account.

User impact: Messages or contact changes could be applied to an unintended connected account if connection context is reused incorrectly.
Recommendation: When multiple connections exist, always specify and verify the intended connection ID before making requests.
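The three recommendations above (approve writes only after review, keep MATON_API_KEY out of chat and logs, and pin the Maton-Connection header when several connections exist) can be enforced in one place rather than left to the agent's judgement. The following is an added example, not code from the skill or from Maton: a hypothetical guarded wrapper that assembles a gateway request, fails closed on an ambiguous connection, refuses write methods without an explicit approval decision, and produces a redacted copy of the headers for logging. The gateway base URL, the endpoint paths and the connection IDs are assumptions made up for illustration; only the bearer-token format and the Maton-Connection header name come from SKILL.md.

```python
# Added example (not the skill's own code): a hypothetical guarded wrapper around
# requests to the Maton gateway, applying the checks the findings above recommend.
# Assumptions, not from the page: the gateway base URL, the endpoint paths and the
# connection IDs below are constructed for illustration; only the Authorization
# header format and the Maton-Connection header name come from SKILL.md.
import json
import os
import urllib.request

MATON_BASE_URL = "https://gateway.maton.invalid"   # assumed; the page gives no URL
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


class ApprovalRequired(Exception):
    """Raised when a write is attempted without an explicit approval decision."""


class ConnectionAmbiguous(Exception):
    """Raised when the target WATI connection is missing or not recognised."""


def redact_headers(headers):
    """Copy of the headers that is safe to log or echo into chat: bearer token masked."""
    safe = dict(headers)
    if "Authorization" in safe:
        safe["Authorization"] = "Bearer [REDACTED]"
    return safe


def plan_request(path, method="GET", body=None, connection_id=None,
                 known_connections=(), api_key=None, approve=None):
    """Assemble everything needed for one gateway call without sending it.

    Fails closed on the three conditions the scan findings call out:
      * no MATON_API_KEY available,
      * several WATI connections known but none selected, or an unknown one selected,
      * a write method with no approval callback, or a callback that declines.
    """
    api_key = api_key or os.environ.get("MATON_API_KEY")
    if not api_key:
        raise RuntimeError("MATON_API_KEY is not set")

    method = method.upper()
    if connection_id is None and len(known_connections) > 1:
        raise ConnectionAmbiguous(
            "several WATI connections configured; pass connection_id explicitly")
    if connection_id is not None and known_connections and connection_id not in known_connections:
        raise ConnectionAmbiguous(f"unknown connection id {connection_id!r}")

    # Every non-GET method is treated as a write and needs a positive decision.
    if method in WRITE_METHODS and (approve is None or not approve(method, path, body)):
        raise ApprovalRequired(f"{method} {path} was not approved")

    headers = {"Authorization": f"Bearer {api_key}"}
    if connection_id is not None:
        headers["Maton-Connection"] = connection_id   # always pin the target account
    data = None
    if body is not None:
        headers["Content-Type"] = "application/json"
        data = json.dumps(body).encode("utf-8")
    return {"method": method, "url": MATON_BASE_URL + path, "headers": headers, "data": data}


def to_urllib_request(plan):
    """Turn a plan into the urllib Request that the skill's own snippets would open."""
    return urllib.request.Request(plan["url"], data=plan["data"],
                                  headers=plan["headers"], method=plan["method"])


def approve_with_review(method, path, body):
    """Example approval policy: show the reviewer exactly what would be sent and
    require a literal 'yes'. Replace input() with your agent's own approval step."""
    summary = json.dumps({"method": method, "path": path, "body": body}, indent=2)
    print("About to perform a write through Maton:\n" + summary)
    return input("Approve this write? [yes/no] ").strip().lower() == "yes"


if __name__ == "__main__":
    os.environ.setdefault("MATON_API_KEY", "example-key-not-real")  # constructed for the demo
    connections = ("conn_marketing", "conn_support")                # constructed IDs
    plan = plan_request("/contacts", connection_id="conn_support",
                        known_connections=connections)
    print("read:", plan["method"], plan["url"], redact_headers(plan["headers"]))
    try:
        plan_request("/messages", method="POST", body={"to": "+15550100", "text": "hi"},
                     connection_id="conn_support", known_connections=connections)
    except ApprovalRequired as exc:
        print("blocked:", exc)
```

The wrapper never opens the connection itself; `to_urllib_request` hands back a `urllib.request.Request` so the caller decides when to send, and the approval callback sees the exact method, path and body that will go out, which is the detail a reviewer needs before a broadcast or a contact change. Log only the output of `redact_headers`, never the raw header dictionary.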
Insecure Inter-Agent Communication
Severity: Medium, Confidence: High, Status: Note
SKILL.md
Maton proxies requests to your WATI instance and automatically injects your API token.

Requests and delegated WATI authentication pass through the Maton gateway, which is expected for this skill but is an important data boundary.

User impact: Message, contact, template, and connection data may transit the Maton service while using the integration.
Recommendation: Use this only if you trust Maton to broker WATI access and comply with your organization's data-handling requirements.