ClawHub

WhatsApp Common Groups

Security checks across malware telemetry and agentic risk

Overview

This skill appears read-only and related to WhatsApp group lookup, but it reads local WhatsApp credential/state files and can bulk list member phone numbers without enough privacy scoping.

Install only if you intentionally want an agent to inspect your local WhatsApp state. Avoid using the all-members command unless you specifically need broad enumeration, and assume outputs may reveal private phone numbers, group IDs, group names, and relationship metadata in the agent transcript or logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The documentation explicitly advertises an all-members enumeration command that goes beyond the narrow skill summary. Exposing a bulk enumeration feature increases the risk of privacy abuse, social graph reconstruction, and collection of sensitive group membership information from local WhatsApp state.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill is described as finding shared groups and checking membership, but it also exposes a bulk enumeration capability that lists all known members across all groups. This materially expands the data-access scope beyond the stated purpose and enables broad extraction of sensitive social-graph metadata from local WhatsApp state.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The listAllMembers logic performs bulk extraction of phone numbers and inferred group counts from sender-key files, which is not necessary for merely finding shared groups or checking whether one number belongs to one group. This creates a privacy-invasive inventory of community membership patterns that could be abused for surveillance, targeting, or contact discovery.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill handles sensitive interpersonal data: group membership and shared-group relationships. Omitting a privacy warning can mislead users about the sensitivity of the operation and normalize covert inspection of contact relationships, increasing the chance of misuse or unauthorized analysis.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script directly accesses the local WhatsApp credential/state directory and parses files under it without any user-facing disclosure, consent flow, or safeguard. Even if intended for legitimate automation, accessing such sensitive state silently increases the risk of privacy violations and misuse of locally stored messaging metadata.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The find operation enumerates group membership data for a supplied phone number and outputs associated group identifiers and names, but the skill provides no privacy warning or authorization check. In context, this reveals sensitive relationship and affiliation metadata about individuals from local WhatsApp data.

Missing User Warnings

High
Confidence
98% confidence
Finding
The all-members command produces a bulk list of phone numbers and their inferred participation counts across groups, enabling large-scale disclosure of sensitive metadata. In this skill context, that is more dangerous because the advertised purpose is narrow, making the hidden aggregation feature an unjustified expansion into mass enumeration.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal