Evolution WhatsApp

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it gives broad WhatsApp messaging and chat-access power while under-disclosing privacy, credential, and local .env execution risks.

Install only if you trust and control the configured Evolution API instance and are comfortable giving the agent real WhatsApp send, read, contact, and group-management authority. Treat EVO_INSTANCE_TOKEN as a secret, avoid committing or logging it, rotate it if exposed, and do not keep an untrusted .env file next to evo.sh. Add human confirmation for sending messages or changing groups, and consider privacy or consent obligations before fetching or summarizing chats.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The script sources a local .env file as shell code rather than parsing it as data. If that file is modified by another local user, a compromised repository, or an untrusted package/archive, arbitrary commands will execute when the wrapper runs, which goes beyond the simple configuration loading described in the comments.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill documentation instructs users to export a long-lived instance API token into environment variables but does not warn that this credential is sensitive, should be scoped minimally, and must not be logged, shared, or committed. In agent environments, such tokens can be exposed through shell history, debug output, misconfigured telemetry, or prompt/context leakage, enabling unauthorized control of the connected WhatsApp instance.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill advertises capabilities to send messages, fetch chats/messages/contacts, manage groups, and summarize group conversations without any privacy, consent, or data-handling warnings. Because this grants broad access to private communications and contact data, a user or downstream agent may enable surveillance-like behavior or expose sensitive third-party information without understanding the privacy and compliance implications.

VirusTotal

66/66 vendors flagged this skill as clean.
