
Review

Audited by ClawScan on May 10, 2026.

Overview

This skill is coherent, but it gives an external WhatsApp CLI access to authenticate, sync/search message history, and send messages or files when the user explicitly asks.

Install this only if you trust the wacli CLI. Expect to authenticate with WhatsApp, store synced data under ~/.wacli unless overridden, and confirm every recipient, message, and file before sending.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken recipient, message, or attachment could be sent to another person or group.

Why it was flagged

The skill can send WhatsApp messages, including files, to third parties; the artifact includes appropriate user-confirmation safeguards.

Skill content

Safety
- Require explicit recipient + message text.
- Confirm recipient + message before sending.

Recommendation

Confirm the recipient, message text, and any attachment path before allowing a send command.

What this means

After authentication, the CLI may be able to read synced history and send messages through the user's WhatsApp account.

Why it was flagged

QR login grants the external CLI delegated access to the user's WhatsApp account, which is expected for this skill but sensitive.

Skill content

`wacli auth` (QR login + initial sync)

Recommendation

Authenticate only if you trust the wacli tool and revoke or remove the session if you no longer need it.

What this means

Future or unexpected package changes could alter the behavior of the tool that handles WhatsApp access.

Why it was flagged

The skill relies on an external CLI installed from a tap or an unpinned Go module; this is central to the skill, but users are trusting that external package.

Skill content

brew | formula: steipete/tap/wacli ... go | module: github.com/steipete/wacli/cmd/wacli@latest

Recommendation

Install from the official source, consider pinning a known version where possible, and review the wacli project before granting WhatsApp access.

What this means

Private WhatsApp messages may be stored locally and made available for later searches or agent context.

Why it was flagged

The skill can continuously sync and store WhatsApp history locally so it can be searched, which is purpose-aligned but sensitive.

Skill content

`wacli sync --follow` (continuous sync) ... Store dir: `~/.wacli`

Recommendation

Use sync only when needed, scope searches/backfills to specific chats where possible, and protect or clean up the ~/.wacli store if it contains sensitive messages.