WhatsApp 428 修复 (WhatsApp 428 Fix)

Security checks across malware telemetry and agentic risk

Overview

This skill is presented as a fix for WhatsApp gateway connectivity (the "428" in its name refers to the error it targets), but to achieve that it makes persistent changes to installed code, proxy configuration, and a user systemd service, with little opportunity for the user to review or decline each step.

Review before installing or running this skill. Use it only on a host where you are comfortable modifying the gateway installation and routing WhatsApp traffic through the configured proxy. Back up the service file and installed package files first, verify the proxy operator and endpoint, run during a maintenance window, and be prepared to roll back if connectivity or messaging behavior changes.

SkillSpector (by NVIDIA)
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

1. Missing User Warnings (severity: Medium, confidence: 93%)

The skill instructs users to edit a user systemd service and restart the gateway, which changes local runtime networking behavior and can interrupt connectivity or route traffic unexpectedly. Without an explicit warning, confirmation step, or rollback guidance, users may misconfigure proxy settings, break service availability, or send traffic through an unintended local proxy.

2. Missing User Warnings (severity: Medium, confidence: 95%)

The mandatory code-level changes add proxy support to the WhatsApp connection path but omit any notice that application traffic may traverse a proxy, affecting privacy, trust boundaries, logging exposure, and reliability. Because this is presented as a required fix, operators may embed proxying into production code without understanding the security and operational consequences.

3. Missing User Warnings (severity: Medium, confidence: 94%)

The script makes persistent changes to installed application JavaScript files and backs them up, but does so automatically with no confirmation, dry run, or integrity/version checks. In this skill context, directly patching files under a global node_modules path and a user systemd unit is risky because a typo, an unexpected file layout, or a later package update can silently break the gateway or leave it in an unsupported state.

4. Missing User Warnings (severity: Medium, confidence: 88%)

The script performs a network package installation and then configures proxy-related behavior, but does not clearly warn the operator beforehand or require consent for these environment/network changes. In this context, changing proxy settings can reroute application traffic, and npm install introduces supply-chain and operational risk, especially on a production host.

5. Missing User Warnings (severity: Medium, confidence: 92%)

The script reloads systemd and restarts the OpenClaw gateway unconditionally, which can interrupt active service operation and user sessions without notice. In a messaging/connection-repair skill this is particularly relevant because restarting the gateway may temporarily disrupt automation or connectivity and can cause avoidable downtime if run at the wrong time.
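The safeguards the five findings above report as missing (a backup taken before anything is edited, a dry run and explicit opt-in before changes are applied, a check that the proxy endpoint is one the operator actually intends, a gated restart, and a rollback that verifies what it restores) can be wrapped around the change the skill makes. The script below is an added example written for this page; it is not the skill's own code or any OpenClaw tooling. The unit name, proxy URL, allowlist, and backup location are assumptions and should be replaced with the real values.

```shell
#!/usr/bin/env bash
# Added example: a safety wrapper around the kind of change the skill makes
# (patching files under a global node_modules path, editing a user systemd
# unit, restarting the gateway). Not the skill's own code. Unit name, proxy
# URL, allowlist and backup directory below are assumptions for illustration.
set -eu

# Checksum helper: sha256sum on Linux, shasum on macOS.
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
  else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# Copy every target file into BACKUP_DIR and record its hash, so a rollback
# can prove it put back the exact pre-change bytes (finding 3).
backup_targets() {
  local backup_dir="$1"; shift
  mkdir -p "$backup_dir"
  : > "$backup_dir/manifest"
  local f
  for f in "$@"; do
    [ -f "$f" ] || { echo "missing target: $f" >&2; return 1; }
    local name; name=$(printf '%s' "$f" | tr '/' '_')   # flatten the path
    cp -p "$f" "$backup_dir/$name"
    printf '%s %s %s\n' "$(file_sha256 "$f")" "$f" "$name" >> "$backup_dir/manifest"
  done
}

# Restore from the manifest, refusing any backup copy whose hash no longer
# matches what was recorded: a truncated or tampered backup must not be
# rolled onto the live files.
restore_from_backup() {
  local backup_dir="$1" hash path name
  while read -r hash path name; do
    if [ "$(file_sha256 "$backup_dir/$name")" != "$hash" ]; then
      echo "backup copy corrupted: $name" >&2; return 1
    fi
    cp -p "$backup_dir/$name" "$path"
  done < "$backup_dir/manifest"
}

# Reject proxy URLs whose host is not on an operator-maintained allowlist
# (space-separated; hostnames and IPv4 only) or whose scheme the gateway is
# not expected to use. This is the "verify the proxy operator and endpoint"
# step from the overview and guards against finding 1's unintended proxy.
verify_proxy_target() {
  local url="$1" allowlist="$2" scheme hostport host
  scheme="${url%%://*}"
  case "$scheme" in http|https|socks5) ;; *) return 1 ;; esac
  hostport="${url#*://}"
  hostport="${hostport##*@}"   # drop user:pass@ if present
  hostport="${hostport%%/*}"   # drop any path
  host="${hostport%%:*}"       # drop the port
  [ -n "$host" ] || return 1
  local h
  for h in $allowlist; do [ "$h" = "$host" ] && return 0; done
  return 1
}

# Restart only when the operator explicitly opted in (finding 5). A dry run
# reports what would happen and touches nothing.
restart_gateway() {
  local unit="$1" mode="$2"   # mode: dry-run | apply
  if [ "$mode" != "apply" ]; then
    echo "[dry-run] would run: systemctl --user daemon-reload && systemctl --user restart $unit"
    return 0
  fi
  systemctl --user daemon-reload && systemctl --user restart "$unit"
}

# Example flow over the files passed as arguments. Stays in dry-run unless
# MODE=apply is exported, and always backs up before the restart step.
main() {
  local mode="${MODE:-dry-run}"
  local unit="${UNIT:-openclaw-gateway.service}"          # assumed unit name
  local proxy="${PROXY_URL:-http://proxy.internal:3128}"   # assumed proxy
  local allow="${PROXY_ALLOWLIST:-proxy.internal}"         # assumed allowlist
  verify_proxy_target "$proxy" "$allow" || { echo "proxy host not allowlisted: $proxy" >&2; exit 1; }
  backup_targets "${BACKUP_DIR:-$HOME/gateway-backup-$(date +%s)}" "$@"
  restart_gateway "$unit" "$mode"
}

# Invoke with the real unit file and patched package files as arguments, e.g.
#   ./wrapper.sh ~/.config/systemd/user/openclaw-gateway.service   (assumed path)
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it first in the default dry-run mode with the real file paths as arguments and inspect the backup directory and its manifest; only then export MODE=apply. Because restore_from_backup checks every copy against the manifest before writing, a half-written backup cannot be rolled onto the live gateway files, and because verify_proxy_target runs before anything is changed, a proxy URL pointing at an unexpected local or remote host stops the procedure before traffic is rerouted.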

VirusTotal

57/57 vendors flagged this skill as clean.
