WhatsApp Contacts
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it says—read WhatsApp/Baileys contacts locally—but it can expose contact details from your local session cache to the agent.
This looks like a coherent, read-only contacts helper. Before installing, make sure you are comfortable giving the agent access to contact information from the default local WhatsApp/Baileys session cache.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the agent can inspect contact data associated with the default local WhatsApp/Baileys session.
The script reads from a local WhatsApp/Baileys session-related credentials directory. This is disclosed and scoped to the default WhatsApp cache, but it is still sensitive local account/session-adjacent data.
process.env.OPENCLAW_STATE_DIR || path.join(os.homedir(), '.openclaw'), 'credentials', 'whatsapp', 'default'
Install only if you want the agent to access contacts from that local WhatsApp session, and verify the default session is the account you intend to use.
Contact details for people or groups in the local WhatsApp cache may be shown to the agent and included in conversation output.
Returned results can include names, phone numbers, status, and image URLs from the cached contact data, which may then appear in the agent conversation context.
name: contact.name || contact.notify || 'Unknown',
phone: id.replace('@s.whatsapp.net', '').replace('@g.us', ''),
status: contact.status || null,
imgUrl: contact.imgUrl || null
Use specific searches or small list limits when possible, and avoid sharing the output beyond the context where those contact details are needed.
