WhatsApp OpenAPI Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed WhatsApp Cloud API helper with expected external messaging and profile-update authority, not hidden or self-running behavior.

Install this only if you intend to let your agent use your WhatsApp Business Cloud API credentials. Review message sends and business profile updates before execution, use the least-privileged Meta token practical for the target assets, and remember that messages may reach real recipients and account profile changes affect the live business account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
This is a mismatch because the description says the skill operates the WhatsApp Cloud API, but the actual code shown does not call WhatsApp, UXC, or any external API at all. Instead, it performs static validation of local files to ensure the skill's documentation and schema meet expected conventions. That is materially different from the declared operational purpose, even though the validation targets a WhatsApp-related skill.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This JSON manifest exposes network operations that send user-provided message content, recipient phone numbers, and business profile data to the external Graph API. In the file, there is no accompanying warning, confirmation, or descriptive disclosure about these outbound data transfers and account-affecting updates.

Credential Access

High
Category
Privilege Escalation
Content
- Access to the curated OpenAPI schema URL:
  - `https://raw.githubusercontent.com/holon-run/uxc/main/skills/whatsapp-openapi-skill/references/whatsapp-cloud.openapi.json`
- A Meta app and WhatsApp Business account with Cloud API access.
- A valid system-user or app access token that can call the target WhatsApp assets.
- At least one `phone_number_id`, and for phone number listing, the related `waba_id`.

## Scope
Confidence
70% confidence
Finding
access token

Credential Access

High
Category
Privilege Escalation
Content
- Usage patterns: `references/usage-patterns.md`
- Curated OpenAPI schema: `references/whatsapp-cloud.openapi.json`
- WhatsApp Cloud API docs: https://developers.facebook.com/docs/whatsapp/cloud-api
- Graph API access tokens: https://developers.facebook.com/docs/graph-api/overview/access-tokens/
Confidence
70% confidence
Finding
access tokens

Credential Access

High
Category
Privilege Escalation
Content
"WhatsAppBearerAuth": {
        "type": "http",
        "scheme": "bearer",
        "bearerFormat": "system user or permanent access token"
      }
    },
    "schemas": {
Confidence
70% confidence
Finding
access token

VirusTotal

66/66 vendors flagged this skill as clean.
