ClawHub

WhatsApp Chats

Security checks across malware telemetry and agentic risk

Overview

This skill appears to provide a disclosed, read-only way to inspect local WhatsApp chat data, but users should treat it as privacy-sensitive.

Install only if you intentionally want an agent to read local WhatsApp chat/session data. Use it in a trusted workspace, avoid broad or casual searches over private conversations, and review outputs before sharing them because they may include names, phone numbers, group identifiers, and message content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill invokes a local Node.js script and describes access to local WhatsApp session/cache data, which implies capability to read environment-dependent local resources without declaring any permissions. Undeclared capabilities reduce transparency and prevent proper user consent or policy enforcement, especially for a skill handling private communications.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly allows browsing, searching, and analyzing local WhatsApp conversations, which are highly sensitive private communications, but it provides no privacy warning, consent flow, or usage boundaries. This increases the risk of unauthorized exposure of personal, confidential, or regulated data through normal skill use.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script directly targets the local WhatsApp credentials/session directory and enumerates sensitive account metadata from it without any user notification, consent check, or access control. Even though it does not exfiltrate message bodies, access to credential-derived files and session metadata can reveal contacts, groups, and account structure, which is privacy-sensitive and can aid further compromise or surveillance.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The search and listing functionality exposes private contact names, phone numbers, group identifiers, and chat metadata from local WhatsApp state without any explicit disclosure or user confirmation. In an agent skill context, this is especially risky because a caller can enumerate sensitive social graph information through simple commands, enabling privacy violations, profiling, or targeting.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal