ClawHub

WhatsApp Contacts

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it reads local WhatsApp/Baileys contact cache data and prints requested contact results, with no evidence of exfiltration, mutation, persistence, or hidden behavior.

Install only if you want the agent to access contacts from the default local WhatsApp/Baileys session cache. Prefer targeted searches or small list limits, and avoid sharing the JSON output outside the context where those contact details are needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The script reads WhatsApp contact/cache data from a filesystem location under a user state directory, and the base path can be influenced by the OPENCLAW_STATE_DIR environment variable. While this does not itself execute code, it enables access to sensitive local messaging metadata and can redirect reads to unintended locations if the environment is attacker-controlled, increasing the risk of privacy exposure or unauthorized data access.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill loads WhatsApp contacts from the local Baileys session cache and prints names, phone numbers, statuses, and image URLs directly to output without any privacy notice, minimization, or access control. This exposes personally identifiable information from a private messaging account and makes bulk enumeration or targeted lookup trivial for any caller able to invoke the skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal