Skill v2.3.0
ClawScan security
Evolution Api v2 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:36 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match a WhatsApp automation API, but metadata and runtime declarations are inconsistent, and the skill guides configuring webhooks and credentials that could expose message data if pointed at untrusted endpoints.
- Guidance: This skill appears to be a documentation-only helper for an Evolution WhatsApp API and is coherent with that purpose, but review these points before installing:
  1. The SKILL.md expects EVO_API_URL, EVO_GLOBAL_KEY (admin), EVO_INSTANCE and EVO_API_KEY (instance) — the registry metadata omitted these; treat that as a red flag and confirm required envs with the publisher.
  2. Only give the GLOBAL_KEY to a trusted server; prefer using instance-level keys (EVO_API_KEY) for messaging.
  3. Be careful when configuring webhooks, SQS/RabbitMQ, Chatwoot or S3 — those can forward message content to external services. Do not point webhooks to unknown third-party URLs or paste production credentials there.
  4. Because this is instruction-only and has no code to inspect, verify that the actual Evolution API server you will talk to (EVO_API_URL) is under your control or from a trusted provider before providing keys.
  5. If you need higher assurance, ask the publisher for the canonical homepage/source code or run the API on infrastructure you control; otherwise treat metadata omissions as a sign to proceed cautiously.
Review Dimensions
- Purpose & Capability (note): The name/description align with the SKILL.md: it documents Evolution API v2.3 for WhatsApp automation (instances, messaging, groups, chatbots, webhooks, S3, Chatwoot). The declared runtime environment variables in SKILL.md (EVO_API_URL, EVO_GLOBAL_KEY, EVO_INSTANCE, EVO_API_KEY) are appropriate for that purpose. However, the registry metadata reported earlier lists no required env vars — a discrepancy between published metadata and the skill's runtime instructions.
- Instruction Scope (note): SKILL.md is instruction-only and stays within the API's domain: curl/HTTP calls to EVO_API_URL for instance management, messaging, etc. It does not instruct reading local files or unrelated system settings. It does, however, include examples for configuring webhooks, RabbitMQ/SQS, Chatwoot and proxy credentials — all of which can forward incoming messages or events to arbitrary external endpoints, so misconfiguration or pointing those at untrusted URLs could leak message content.
- Install Mechanism (ok): No install spec and no code files — the lowest-risk distribution model. Nothing is downloaded or written to disk by the skill itself.
- Credentials (concern): The SKILL.md requires multiple secrets (a global admin key and a per-instance API key), which are appropriate for managing and sending WhatsApp messages. But the published registry metadata listed no required environment variables or primary credential — this mismatch is concerning because the runtime instructions clearly require sensitive credentials. The skill also guides inclusion of webhook headers or external service tokens (Chatwoot, RabbitMQ/SQS, proxy credentials, S3) in instance creation payloads; those are expected for integrations but increase the attack surface if provided to an untrusted API host.
- Persistence & Privilege (ok): always:false and user-invocable:true (defaults) — the skill does not request forced persistent inclusion or other elevated platform privileges. It does not modify other skills or system-wide agent settings in the instructions.
