WhatsApp Groups

ReviewAudited by ClawScan on May 10, 2026.

Overview

The skill appears purpose-built for WhatsApp group discovery, but it reads local WhatsApp/Baileys session data and can edit OpenClaw config despite registry metadata declaring no credentials or config paths.

Install only if you want this agent to inspect the local WhatsApp bot session under OpenClaw and reveal group IDs/names. Use `list`, `search`, and `get-id` for read-only discovery, and run `sync` only when you are comfortable with it editing `openclaw.json`.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Medium

#ASI03: Identity and Privilege Abuse

What this means

An agent using this skill can learn WhatsApp group IDs and names from the local bot session.

Why it was flagged

The script reads the local WhatsApp/Baileys session credential directory to discover groups. This is purpose-aligned, but it is high-impact session/account access and the supplied registry metadata declares no primary credential or required config path.

Skill content

const CREDS_PATH = path.join(STATE_DIR, 'credentials', 'whatsapp', 'default'); ... const files = fs.readdirSync(CREDS_PATH);

Recommendation

Only install it where the agent is allowed to inspect that WhatsApp session. The skill should declare the WhatsApp session/config paths in metadata, and users should run it only for the intended bot account.

Low

#ASI02: Tool Misuse and Exploitation

What this means

Running `sync` can change the OpenClaw WhatsApp configuration, although it does not appear to automatically enable new groups.

Why it was flagged

The documented `sync` command mutates `openclaw.json` by adding discovered WhatsApp groups. The change is scoped and groups are added disabled, but it is still a local configuration write.

Skill content

if (newGroups.length > 0) { fs.writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2), 'utf8'); }

Recommendation

Require explicit user intent before running `sync`, and review `openclaw.json` afterward.

Info

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

Users have limited provenance information beyond the registry artifact itself.

Why it was flagged

The provided artifacts include the script source, but there is no external provenance or homepage to help users verify the publisher or project.

Skill content

Source: unknown
Homepage: none

Recommendation

Review the included script before use and prefer a verified source or publisher metadata when available.