test
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill is purpose-built for WhatsApp, but it can access and persist your WhatsApp account history and send messages, with the session/sync scope not fully bounded in the artifacts.
Review carefully before installing. Use this only if you are comfortable granting a CLI access to your WhatsApp account and chat history. Confirm every recipient, message, and file before sending; avoid `sync --follow` unless necessary; use a dedicated `--store` location; and delete or revoke the local wacli session when finished.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the agent could send a message or file to the wrong person or group.
The skill can send WhatsApp texts, group messages, and files to other people. The explicit recipient/message and confirmation requirements make this purpose-aligned, but users should notice the external messaging authority.
Safety
- Require explicit recipient + message text.
- Confirm recipient + message before sending.
...
- File: `wacli send file --to "+14155551212" --file /path/agenda.pdf --caption "Agenda"`
Only allow sends after reviewing the exact recipient, message text, and any file path.
Installing and using this may give the agent-operated CLI access to your WhatsApp account, including the ability to send messages and read synced history.
The skill requires WhatsApp account authentication and stores local session/account data, while the registry requirements declare no primary credential or required config path. That under-declares high-impact account access.
- `wacli auth` (QR login + initial sync)
...
- Store dir: `~/.wacli` (override with `--store`).
Treat this like granting WhatsApp account access. Authenticate manually, use a dedicated store if possible, and verify how to revoke or delete the local session.
Private WhatsApp conversations could be copied into a local store and later searched or exposed in agent context.
The skill can continuously sync, search, and backfill WhatsApp messages, which may persist sensitive private chat history locally. The artifacts do not clearly define retention, exclusions, or limits on what history is stored or reused.
- `wacli sync --follow` (continuous sync)
...
- `wacli messages search "query" --limit 20 --chat <jid>`
...
- `wacli history backfill --chat <jid> --requests 2 --count 50`
Avoid broad or continuous sync unless needed. Limit sync to specific chats where possible, use `--store` to isolate data, and remove the store after use.
The security of the skill depends heavily on the external wacli package and its future updates.
The skill depends on an external CLI installed from a Homebrew tap or an unpinned Go module. This is consistent with the skill purpose, but the reviewed artifacts do not include the CLI code.
brew: steipete/tap/wacli
...
go: github.com/steipete/wacli/cmd/wacli@latest
Install only from a source you trust and consider pinning or reviewing the wacli version before granting WhatsApp access.
