WhatsApp Chats

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the skill lets the agent inspect local WhatsApp session-derived chat identifiers, contact numbers, and group identifiers.

Why it was flagged

The skill uses the local WhatsApp/Baileys credential/session directory as its data source. This is aligned with the stated WhatsApp-chat purpose, but it is sensitive account/session-adjacent access.

Skill content

const CREDS_PATH = path.join(process.env.OPENCLAW_STATE_DIR || path.join(os.homedir(), '.openclaw'), 'credentials', 'whatsapp', 'default');

Recommendation

Use it only when you intend the agent to access the local WhatsApp session cache; the skill metadata should ideally declare this credential/config dependency explicitly.

What this means

WhatsApp contact names, phone-derived IDs, group IDs, and possibly the local cache path may appear in the conversation or model context.

Why it was flagged

The skill reads persistent WhatsApp contact data and emits names, IDs, and contact metadata into the agent's context. This is expected for search/list features, but the returned data is private and should be treated as data, not instructions.

Skill content

const contacts = JSON.parse(fs.readFileSync(contactsPath, 'utf8')); ... results.push({ id, name: contact.name || contact.notify, type: id.endsWith('@g.us') ? 'group' : 'contact' });

Recommendation

Run specific searches or limited listings when possible, and avoid invoking it if you do not want WhatsApp contact metadata exposed to the agent session.

What this means

You are relying on the included registry artifact rather than an independently verifiable upstream source.

Why it was flagged

The supplied code is small and fully included, with no remote installer shown, but the registry artifacts do not provide an external provenance source or homepage.

Skill content

Source: unknown; Homepage: none; Install specifications: No install spec — this is an instruction-only skill.

Recommendation

Review the included script before use and prefer skills with clear source provenance when handling sensitive account data.