Back to skill
Skillv1.0.0
VirusTotal security
WhatsApp Utils · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:11 AM
- Hash
- 4a553360db3a15a6080be69a64d54be4a17c07177411f8b6db55af35af746aba
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: whatsapp-utils Version: 1.0.0 The skill is classified as suspicious due to its direct access and output of potentially sensitive data from the OpenClaw state directory. Specifically, `scripts/utils.js` reads the content of `contacts.json` and lists files (including credential-related ones like `creds.json`, `session-`, `sender-key-`) from the `OPENCLAW_STATE_DIR/credentials/whatsapp/default` path. While the `SKILL.md` description mentions 'cache inspection' and 'contact export', these capabilities, even if intended, represent a significant information disclosure risk if the agent is compromised or misused, as the data is outputted to `console.log`.
- External report
- View on VirusTotal