farid wa

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is a coherent WhatsApp Business API guide, but it has inconsistent package identity and includes a real-looking Maton connection ID in credentialed examples.

Before installing, verify that this package is from the intended publisher and do not use the sample connection_id. Provide MATON_API_KEY or connect WhatsApp Business only if you are comfortable with the agent sending messages and managing account resources through Maton.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

You may be granting business-messaging access while the package publisher/source is unclear or inconsistent.

Why it was flagged

The registry identity is unknown/faridwahysapp, while bundled _meta.json says slug "whatsapp-business" version "1.0.3" and SKILL.md says author "maton". That provenance mismatch matters because the skill asks for a Maton API key and WhatsApp Business OAuth access.

Skill content

Name: farid wa; Source: unknown; Slug: faridwahysapp; Version: 1.0.0

Recommendation

Verify the publisher and source before installing, especially if you will provide a MATON_API_KEY or connect a WhatsApp Business account.

What this means

A user or agent copying the example could attempt to use or expose a specific connection identifier instead of selecting the user's intended WhatsApp Business connection.

Why it was flagged

The Maton API key authorizes account actions, and the Maton-Connection header selects a managed OAuth connection. The executable example uses a concrete connection UUID instead of a placeholder.

Skill content

req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Maton-Connection', '21fd90f9-5935-43cd-b6c8-bde9d915ca80')

Recommendation

Replace the UUID with a placeholder in the skill docs and require users to list/select their own connection before sending messages or managing account resources.

What this means

If used with valid credentials, the agent can send real customer messages and change WhatsApp Business resources.

Why it was flagged

These are high-impact external actions, but they are disclosed and aligned with the skill's stated WhatsApp Business integration purpose.

Skill content

Access the WhatsApp Business API with managed OAuth authentication. Send messages, manage message templates, handle media, and interact with customers through WhatsApp.

Recommendation

Review recipients, message content, phone number IDs, and template/account changes before allowing the agent to make requests.

What this means

Customer communication data and business account actions may be processed by Maton and Facebook as part of normal operation.

Why it was flagged

The data flow through Maton and Facebook is disclosed and expected, but message contents, recipient phone numbers, and account actions will pass through that gateway/provider path.

Skill content

The gateway proxies requests to `graph.facebook.com` and automatically injects your OAuth token.

Recommendation

Only send data permitted by your privacy/compliance rules and ensure you trust the Maton gateway for this integration.