WhatsApp Utils

Security checks across malware telemetry and agentic risk

Overview

This WhatsApp utility does what it advertises, but it can read local WhatsApp state and print a full contact list without strong privacy guardrails.

Install only if you are comfortable letting the agent read your local OpenClaw WhatsApp state directory and display cached contacts in the conversation or logs. Use `export-contacts` only on explicit user request, and avoid running it in shared or untrusted agent sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill documentation advertises executable functionality with detectable environment access capability, but declares no permissions or trust boundaries. That mismatch can mislead operators and downstream tooling about what the skill can access, reducing scrutiny and enabling unintended exposure of environment-derived secrets or configuration.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The generic `COMMAND [ARGS]` invocation pattern exposes a broad execution surface without constraining allowed subcommands, argument formats, or safety checks. In an agent context, this increases the chance of misuse, unintended command paths, or invocation of sensitive operations beyond what a caller expected from the documentation.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill explicitly documents `export-contacts`, which is a data exfiltration-capable operation, but provides no warning, consent requirement, or scope limitation. In a WhatsApp automation context, contacts are sensitive personal data, so exposing export functionality without privacy guardrails materially raises the risk of unauthorized bulk disclosure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The exportContacts command reads contacts.json from the WhatsApp credentials/state directory and prints a full structured contact list, including phone numbers and names, directly to stdout. In an agent skill context, this creates a clear privacy and data-exposure risk because invoking the utility can disclose sensitive contact data without access control, confirmation, redaction, or an explicit warning about the sensitivity of the output.

VirusTotal

64/64 vendors flagged this skill as clean.
