ClawHub

WhatsApp Labels

PassAudited by ClawScan on May 10, 2026.

Overview

The skill is coherent and limited to reading a local WhatsApp Business label/contact cache, with no evidence of network exfiltration, writes, or hidden behavior.

This appears safe for its stated purpose if you want the agent to inspect your local WhatsApp Business label cache. Before installing, be aware it may display contact and label metadata from your local WhatsApp session, and the skill has no provided upstream source or homepage.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence
ASI04: Agentic Supply Chain Vulnerabilities
What this means

It is harder to independently verify the publisher or upstream project.

Why it was flagged

The artifacts do not provide an upstream source or homepage. The included code is small and reviewable, so this is a provenance note rather than a behavioral concern.

Skill content
Source: unknown
Homepage: none
Recommendation

Review the included script before use and prefer verified sources when available.

NoteHigh Confidence
ASI02: Tool Misuse and Exploitation
What this means

Using the skill runs local code on the machine, though the reviewed script is narrow and does not show hidden commands.

Why it was flagged

The skill instructs the agent to invoke a local Node script. This is central to the skill and the command surface is limited to label listing/searching.

Skill content
exec({ cmd: "node <skill_dir>/scripts/labels.js COMMAND [ARGS]" })
Recommendation

Use it only if you are comfortable with the agent running the included local script.

NoteHigh Confidence
ASI03: Identity and Privilege Abuse
What this means

The agent can access cached WhatsApp Business label and contact metadata for the default local session.

Why it was flagged

The script reads from the local WhatsApp account/session cache path. This is purpose-aligned for listing labels, but it is account-scoped local data.

Skill content
path.join(os.homedir(), '.openclaw'),
  'credentials', 'whatsapp', 'default'
Recommendation

Use only on a trusted local session and be aware that results may reflect your WhatsApp Business account data.

NoteHigh Confidence
ASI06: Memory and Context Poisoning
What this means

Search results may reveal WhatsApp contact names, IDs, and labels to the current conversation.

Why it was flagged

The search command outputs cached contact identifiers, names, and labels. This is expected for the feature, but it can expose business/contact metadata into the agent context.

Skill content
results.push({
  id,
  name: contact.name || contact.notify,
  labels: contact.labels
});
Recommendation

Treat outputs as sensitive business/contact metadata and do not share them beyond the intended task.