Whatsapp Context Manager for Agents

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built and not malicious, but it is marked Review because it stores and exports sensitive customer chat, profile and order data without adequate privacy, retention or access-control guardrails.

Install only if you are comfortable treating the generated SQLite database as private customer data. Decide where it will be stored, who can access it, how long messages and order details will be retained, and whether exports should be redacted before use in logs, analytics, APIs, or training data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The file markets itself as a 'secure' context manager, but it stores customer PII and message contents directly in SQLite and logs phone numbers in plaintext. This is dangerous because it creates a false security expectation while exposing sensitive customer data to local compromise, backups, logs, and unauthorized operators.

Missing User Warnings

Medium
Confidence: 89%
Finding
The README explicitly describes collecting, storing, exporting, and sharing customer data with CRM systems and APIs, but it does not provide a clear privacy notice, consent model, retention guidance, or warnings about handling personal data. In a customer-service WhatsApp context, this increases the risk of improper processing of sensitive personal information and noncompliant deployments, especially if users treat the README as sufficient implementation guidance.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill is explicitly designed to collect, store, and display sensitive customer data including phone numbers, names, emails, order details, sentiment history, notes, and full conversation history, yet the documentation provides no meaningful privacy notice, consent guidance, retention limits, or access-control expectations. In a customer-service context, this omission encourages deployment of a system handling PII without guardrails, increasing the risk of privacy violations, over-collection, and noncompliance with data protection requirements.

Missing User Warnings

Medium
Confidence: 97%
Finding
The conversation history and customer profile sections normalize broad access to message contents, notes, sentiment history, and contact details without any warning about least-privilege access, sensitive-data handling, or retention boundaries. Because these features surface historical and profile data directly to agents, missing safeguards make accidental oversharing, insider misuse, and unnecessary long-term storage materially more likely.

Missing User Warnings

Medium
Confidence: 88%
Finding
This example explicitly serializes the full context object to JSON and promotes using that export for logging, API responses, analytics, and machine learning training data without any warning about data minimization, consent, redaction, or access controls. In a WhatsApp customer-support context, the context object likely contains personal data, message history, order details, and possibly sensitive customer metadata, so this example can normalize insecure downstream handling of customer information.

Missing User Warnings

Medium
Confidence: 92%
Finding
The code persists raw customer messages, phone numbers, email addresses, notes, sentiment history, and order details to local storage without any visible consent, retention control, or privacy guardrails. In a WhatsApp customer-service context, this increases the sensitivity of the issue because the stored data is likely to contain personal and transactional information that could be exposed if the host or database is accessed.
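As an added example (not the skill's own code and not part of the scan report), one way to apply the guardrails the last two findings ask for: a redacting export of the context object before it is logged, returned by an API or fed to analytics or training data, a log line that carries a keyed pseudonym instead of the plaintext phone number, and a retention purge on the SQLite message table. The table schema, the field names of the context object, the pseudonym key and the sample rows are assumptions constructed for this illustration.

```python
import hashlib
import hmac
import json
import sqlite3

# Assumption: which keys of the context object are personal data and how each
# must be treated before the object leaves the host (logs, API, analytics, ML).
FIELD_POLICY = {
    "phone": "pseudonym",  # keep a stable join key, not the number
    "email": "mask",       # enough to recognise, not enough to contact
    "name": "drop",
    "notes": "drop",       # free-text agent notes often hold the most sensitive data
}

# Assumption: in a real deployment this comes from a secret store, not source code.
PSEUDONYM_KEY = b"example-key-do-not-use"


def pseudonymize(value: str) -> str:
    """Keyed hash: stable across records for joins, not reversible without the key."""
    return hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]


def mask_email(value: str) -> str:
    local, _, domain = value.partition("@")
    return f"{local[:1]}***@{domain}" if domain else "***"


def redact_context(ctx: dict) -> dict:
    """Copy of the context that is safe for logs, analytics and training exports."""
    out = {}
    for key, val in ctx.items():
        action = FIELD_POLICY.get(key)
        if action == "drop":
            continue
        if action == "pseudonym":
            out[key] = pseudonymize(val)
        elif action == "mask":
            out[key] = mask_email(val)
        elif key == "messages":
            # Keep timing and direction for analytics; never the message text.
            out[key] = [{"ts": m["ts"], "direction": m["direction"], "chars": len(m["text"])}
                        for m in val]
        else:
            out[key] = val
    return out


def export_json(ctx: dict) -> str:
    """Replacement for dumping the raw context object straight to JSON."""
    return json.dumps(redact_context(ctx), sort_keys=True)


def log_line(phone: str, event: str) -> str:
    """Log lines carry the pseudonym, not the plaintext phone number."""
    return f"customer={pseudonymize(phone)} event={event}"


def open_store(path: str = ":memory:") -> sqlite3.Connection:
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE IF NOT EXISTS messages "
                "(phone TEXT NOT NULL, ts INTEGER NOT NULL, direction TEXT NOT NULL, text TEXT NOT NULL)")
    return con


def purge_expired(con: sqlite3.Connection, max_age_days: int, now: int) -> int:
    """Retention control: delete messages older than the window, return rows removed."""
    cutoff = now - max_age_days * 86400
    cur = con.execute("DELETE FROM messages WHERE ts < ?", (cutoff,))
    con.commit()
    return cur.rowcount


# Constructed sample context of the shape the findings describe the skill storing.
SAMPLE_CONTEXT = {
    "phone": "+15555550123",
    "name": "Jane Example",
    "email": "jane@example.com",
    "notes": "Called twice about a damaged parcel",
    "sentiment_history": ["negative", "neutral"],
    "messages": [
        {"ts": 1700000000, "direction": "in", "text": "Where is my order?"},
        {"ts": 1700000060, "direction": "out", "text": "It shipped yesterday."},
    ],
}

NOW = 1700000000  # fixed clock so the retention demo is deterministic


def retention_demo() -> tuple:
    """Store three constructed messages, purge with a 30-day window, return (removed, kept)."""
    con = open_store()
    con.executemany("INSERT INTO messages VALUES (?, ?, ?, ?)", [
        ("+15555550123", NOW - 100 * 86400, "in", "old complaint"),
        ("+15555550123", NOW - 10 * 86400, "out", "recent reply"),
        ("+15555550123", NOW, "in", "new message"),
    ])
    con.commit()
    removed = purge_expired(con, max_age_days=30, now=NOW)
    kept = con.execute("SELECT COUNT(*) FROM messages").fetchone()[0]
    return removed, kept


if __name__ == "__main__":
    print(export_json(SAMPLE_CONTEXT))
    print(log_line(SAMPLE_CONTEXT["phone"], "context_loaded"))
    print(retention_demo())
```

The export keeps message timing, direction and length so conversation analytics still work, but drops the text, notes and name entirely; the pseudonym is an HMAC rather than a bare SHA-256 so that someone who obtains the export cannot recover phone numbers by hashing the number space. Run `purge_expired` on a schedule, and the same policy table decides what an agent-facing profile view is allowed to surface.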

VirusTotal

64/64 vendors flagged this skill as clean. Antivirus engines look for known malware, so a clean result does not address the data-handling findings above.

View on VirusTotal