EngageLab WhatsApp Business

Security checks across malware telemetry and agentic risk

Overview

This is a coherent EngageLab WhatsApp helper, but it needs Review because it can send real business messages and change or delete templates, and because it recommends unauthenticated webhooks.

Install only if you intend to let an agent help with EngageLab WhatsApp Business messaging. Use least-privilege credentials, confirm recipients and message content before sending, confirm exact templates before delete/update actions, and do not deploy the unauthenticated webhook guidance without compensating controls such as secret validation, allowlisting, schema checks, rate limits, and reconciliation against authenticated API state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill clearly enables outbound HTTP requests to a third-party API, yet no explicit permissions declaration is present. That mismatch can bypass user/operator expectations and weakens governance around network-capable skills, especially because the skill handles credentials, phone numbers, message bodies, and webhook configuration.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to capture generic WhatsApp-related requests that may not be intended for EngageLab. This can cause the wrong skill to activate, leading users to disclose credentials or recipient data to an unintended third-party integration and increasing the chance of unintended message sends.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill facilitates sending message content, recipient phone numbers, and callback/webhook data to EngageLab but does not prominently warn users that this information leaves the local system and is processed by an external provider. In a messaging context, that omission materially increases privacy and compliance risk because the data may include personal, marketing, or authentication content.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The document explicitly instructs operators to expose a webhook endpoint that must not require authentication because the callback security mechanism is 'pending'. This creates an unauthenticated inbound trust boundary where attackers can forge delivery, response, or notification events, potentially triggering fraudulent business logic, data poisoning, or misleading operational actions.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The documentation states that deleting by template name removes all language variants, but it does not provide a prominent warning or require any confirmation guidance despite the broad destructive scope. In an agent-integrated skill, this can lead to accidental bulk deletion if a user or model assumes only a single template variant will be removed.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**Update** — `PUT /v1/templates/:templateId` (same body as create)

**Delete** — `DELETE /v1/templates/:templateName` (deletes all languages for that name)

### Template Categories
Confidence
87% confidence
Finding
`DELETE /v1/templates/:templateName`

VirusTotal

66/66 vendors flagged this skill as clean.
