Waboxapp

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real Waboxapp integration, but it gives an agent broad authenticated WhatsApp messaging and API access that is not fully disclosed or confirmation-gated.

Install only if you trust Membrane and intend to let an agent operate a Waboxapp business messaging connection. Use the least-privileged account available, review connection permissions, and require explicit confirmation before sending any WhatsApp message/media or using raw POST, PUT, PATCH, or DELETE API requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding: The manifest description materially understates the skill's capabilities by saying it manages Organizations, Users, and Filters, while the body documents WhatsApp messaging and broader API interaction. This mismatch can mislead operators or higher-level agents into invoking the skill in contexts with greater side effects than expected, increasing the risk of unauthorized outbound messaging or broader data access.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding: The documentation explicitly permits arbitrary proxy requests to the Waboxapp API, which is broader than ordinary 'interact with Waboxapp data' wording implies. Exposing a generic authenticated request primitive can enable unintended access to unreviewed endpoints or risky operations, especially when an agent treats the skill as narrowly scoped.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The skill highlights actions for sending text, links, images, and media and for making direct API calls, without any warning that these are impactful outbound operations. In an agent setting, the omission of confirmation guidance can lead to accidental message delivery, spam, customer-impacting actions, or unauthorized changes against the connected account.

VirusTotal

65/65 vendors flagged this skill as clean.