Whatsapp Auto Reply

Security checks across malware telemetry and agentic risk

Overview

This skill needs review because one artifact says it only drafts WhatsApp replies, while the code sends messages to phone numbers through an external API using a WhatsApp API key.

Install only if you intentionally want an agent to send WhatsApp messages, have verified the external API provider, understand what the WHATSAPP_API_KEY can do, and can enforce confirmation, recipient allowlists, and rate limits outside the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README describes sending WhatsApp messages through an external API but omits any discussion of consent, privacy handling, rate limiting, or abuse prevention. A skill that can transmit user-provided content to third-party messaging infrastructure creates real privacy and spam risk, especially if operators deploy it without understanding those impacts.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The manifest describes the skill as automatically sending WhatsApp responses, but it does not define any trigger constraints, approval requirements, or scope limits. That creates a real risk of the skill being invoked in unintended contexts and causing unsolicited outbound messaging through an external API.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The description mandates automatic messaging behavior without mentioning user choice, consent, or opt-in controls. In a messaging context, this is dangerous because it can facilitate spam, accidental disclosure, or unauthorized communications to phone numbers provided as input.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill transmits user-supplied phone numbers and message contents to an external API without any visible notice, consent check, or minimization controls. This creates privacy and compliance risk because personal data and potentially sensitive message content are sent off-box to a third-party service with no transparency or safeguards in the code.

External Transmission

Medium
Category
Data Exfiltration
Content
    phone = input_data["phone_number"]
    message = input_data["message"]

    response = requests.post(
        "https://api.whatsapp-service/send",
        headers={"Authorization": f"Bearer {API_KEY}"},
        json={
Confidence
89% confidence
Finding
requests.post( "https://

External Transmission

Medium
Category
Data Exfiltration
Content
    phone = input_data["phone_number"]
    message = input_data["message"]

    response = requests.post(
        "https://api.whatsapp-service/send",
        headers={"Authorization": f"Bearer {API_KEY}"},
        json={
Confidence
89% confidence
Finding
requests.post( "https://api.whatsapp-service/send", headers={"Authorization": f"Bearer {API_KEY}"}, json=

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
whatsapp_auto_reply

## Description
This OpenClaw skill automatically sends a WhatsApp reply by connecting to an external messaging API. It demonstrates a multi-step autonomous workflow including API communication, message processing, and structured output generation.

## Functionality
- Receive message input
Confidence
81% confidence
Finding
automatically send

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
python-dotenv>=1.0.0
Confidence
96% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
python-dotenv>=1.0.0
Confidence
96% confidence
Finding
python-dotenv>=1.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
87% confidence
Finding
requests

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
72% confidence
Finding
python-dotenv

VirusTotal

66/66 vendors flagged this skill as clean.
