Skill v1.0.0

ClawScan security

WhatsApp Labels · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 19, 2026, 4:43 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This skill is internally consistent: it reads local WhatsApp Business session/cache files to list and search labels and does not request external credentials or perform network calls.
Guidance
This skill is coherent with its purpose: it runs a bundled Node script that reads WhatsApp cache files from OPENCLAW_STATE_DIR or ~/.openclaw/credentials/whatsapp/default and outputs labels or chats matching a label. Before installing, verify you are comfortable allowing the agent to read those local files (they may include contact names and labels). Note the script is read-only — it does not modify WhatsApp data or call external services — and it does not request any additional credentials. If you do not want the agent to access your WhatsApp cache, do not install or run this skill. If you need write/manage capabilities, this skill does not provide them; inspect or test the script locally to confirm behavior.

Review Dimensions

Purpose & Capability
note: The name/description (list and search WhatsApp Business labels) matches the included code which reads label and contact cache files. Minor wording mismatch: SKILL.md says 'Manage' but the script is read-only (list/search) and does not modify labels.
Instruction Scope
ok: SKILL.md directs the agent to run the included Node script; the script only reads local files (store.json, labels.json, contacts.json) under a specific OpenClaw state path and prints JSON results. It does not run network requests or access other system paths.
Install Mechanism
ok: No install spec is provided (instruction-only with a bundled script). Nothing is downloaded or written by an installer; risk from install mechanism is minimal.
Credentials
note: The skill does not require declared env vars, but the script will honor OPENCLAW_STATE_DIR if present and otherwise reads ~/.openclaw/credentials/whatsapp/default. Reading those files is proportionate to listing/searching labels, but those files can contain PII or session data — users should be aware the agent will access local WhatsApp cache/contact data.
Persistence & Privilege
ok: The skill is not always-enabled and uses default autonomous invocation settings. It does not modify other skills, install services, or persist changes; requested privileges are minimal.