Back to skill

Security audit

TTS WhatsApp

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed WhatsApp text-to-speech helper, but it can send real messages and delete its own generated files.

Install only if you trust the connected Clawdbot WhatsApp account. Test with --no-send first, avoid setting a default recipient unless intentional, verify phone numbers and group IDs before sending, and check paths carefully before running uninstall deletion commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The installation guide instructs users to configure a real default WhatsApp target and then run live send tests, but it does not clearly warn that these commands will send actual messages to the configured number or group. In a messaging skill, this can cause unintended disclosure, spam, or accidental delivery to the wrong recipient if the default target is misconfigured.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The uninstall section uses irreversible deletion commands against skill and model directories without an explicit warning that the data will be permanently removed. Users may accidentally delete downloaded models or local modifications, which is especially risky because rm -rf provides no recovery prompt by default.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README advertises automatic WhatsApp sending and automatic file deletion, but it does not clearly warn users about the privacy, messaging-cost, and data-loss implications of enabling those behaviors. In an agent skill context, automatic outbound communication can transmit sensitive content to unintended recipients and cleanup can remove artifacts needed for review or recovery, making misuse or operator error harder to detect.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly advertises automatic WhatsApp delivery, including to groups, but does not provide a clear user-facing warning about the privacy, consent, and misdelivery risks of sending generated voice messages to real recipients. In a user-invocable messaging skill, this omission increases the chance of accidental spam, disclosure of sensitive content, or unintended group broadcasts, especially when defaults or copied examples are used without careful review.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
rm -rf ~/.clawdbot/skills/tts-whatsapp

# Optionally remove voice models
rm -rf ~/.clawdbot/skills/piper-tts

# Optionally uninstall Piper
pip3 uninstall piper-tts
Confidence
94% confidence
Finding
rm -rf ~/.clawdbot/skills/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.