WhatsApp Business API

Security checks across malware telemetry and agentic risk

Overview

This is a coherent WhatsApp Business API reference skill, but it should be used carefully because it can help operate a real business messaging account.

Install this only if you want an agent to help with WhatsApp Business Cloud API work. Keep Meta tokens, app secrets, and webhook verification tokens out of chat and memory files; use environment variables or a secrets manager. Prefer explicit activation, review any saved local memory, and require confirmation before sending customer messages, deleting resources, updating business profiles, or disabling two-step verification.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 96%
Finding
The documentation includes a destructive request that disables two-step verification but provides no warning, prerequisite checks, or recovery guidance. In an agent skill context, users may copy-paste examples directly, so presenting a security-reducing action without explicit caution can lead to accidental weakening of account protections and easier account takeover if other credentials are exposed.

Missing User Warnings

Medium
Confidence: 94%
Finding
The template explicitly instructs creation of a persistent memory file that can store sensitive operational data such as phone numbers, webhook URLs, business context, and behavioral preferences. Persisting this information without any privacy notice, consent flow, retention limits, minimization guidance, or protection requirements increases the risk of unauthorized disclosure, over-collection, and long-term exposure of business-sensitive data.

Vague Triggers

Medium
Confidence: 91%
Finding
The prompt 'Want me to help whenever WhatsApp comes up, or only when you ask?' gives the skill broad discretion to activate on loosely related conversations, which can cause unintended invocation and collection or use of sensitive business context without clear user intent. In a skill that handles business messaging setup and credentials, ambiguous activation increases the chance of overreach into credential-adjacent or operational discussions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The setup instructs the agent to persist business context in a local file under ~/whatsapp-business-api/memory.md, including phone numbers and webhook URLs, without any warning, consent flow, retention limit, or sensitivity guidance. Persistent local storage of operational metadata can expose sensitive information to other tools, users on the system, backups, or later unintended reuse, especially when paired with credential setup steps in the same skill.

VirusTotal

66/66 vendors flagged this skill as clean.
