Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
WhatsApp Group Admin
v1.0.0
Group administration utilities - info, stats, invite link parsing, and creation templates
by Marcos Santos (@marcosrippel)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code implements WhatsApp group info, stats, invite parsing and templates which matches the skill's description. However, the code requires access to local OpenClaw/WhatsApp state (credentials directory) to enumerate groups/members—this is reasonable for the stated purpose but the skill metadata does not declare that requirement.
Instruction Scope
SKILL.md instructs running node <skill_dir>/scripts/admin.js but does not mention that the script will read the user's OpenClaw WhatsApp credentials/state directory (defaults to $HOME/.openclaw/credentials/whatsapp/default or OPENCLAW_STATE_DIR). The script reads sender-key files and contacts.json, which may contain sensitive contact/group metadata. The instructions fail to warn the user about local file access.
Install Mechanism
There is no install spec (instruction-only), which minimizes install-time risk. However the skill includes a JS script that is intended to be run with 'node' — despite registry metadata declaring no required binaries. The absence of 'node' from required binaries is an inconsistency that should be corrected.
Credentials
The registry lists no required env vars or config paths, but the code reads OPENCLAW_STATE_DIR (if set) and falls back to ~/.openclaw/credentials/whatsapp/default. That path effectively gives the skill access to local WhatsApp credential/state files. The skill requests no external API keys, which is appropriate, but the undeclared local credential access is sensitive and should be explicitly declared.
Persistence & Privilege
always is false and the skill does not request persistent installation or modify other skills or system-wide settings. The skill can be invoked autonomously by the agent (platform default); combined with its local credential access this increases the potential blast radius, but autonomy alone is not a disqualifier.
What to consider before installing
This skill appears to do what it says (count group members, parse invite links, create templates) but it reads local OpenClaw/WhatsApp state files (sender-key-* files and contacts.json) which may include sensitive contact or group metadata. Before installing: (1) confirm you are comfortable granting the skill read access to ~/.openclaw/credentials/whatsapp/default (or set OPENCLAW_STATE_DIR to a safe path); (2) note the skill assumes node is available — the package metadata does not declare this requirement; (3) inspect the included scripts/admin.js yourself (it is short and readable) or run it in a sandbox to verify behavior; (4) if you do not want any skill to access local WhatsApp state, do not install or disable autonomous invocation for this skill; (5) ask the author/registry to update metadata to list required binary 'node' and to declare the config path(s) it reads so users can make an informed decision.
Like a lobster shell, security has layers — review code before you run it.
