ClawHub

whatsapp-monitor

Security checks across malware telemetry and agentic risk

Overview

This skill openly monitors WhatsApp chats and exports matched messages to Feishu, but it handles private communications with weak consent, scoping, transport, and storage safeguards.

Install only for clearly authorized business monitoring where affected chats and administrators have approved collection. Before use, narrow the targets and keywords, keep the OpenClaw gateway on localhost or a tightly protected network, avoid printing config files, store Feishu secrets outside plaintext repo files where possible, and define retention/deletion rules for stored WhatsApp messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (27)

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill explicitly describes monitoring WhatsApp chats, filtering messages, storing matches locally, and exporting message contents to Feishu, but it does not present a prominent privacy warning, consent requirement, or clear disclosure of what personal data is collected and transferred. This is dangerous because it facilitates covert surveillance and cross-system exfiltration of private communications without adequate user awareness or authorization controls.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation describes collecting WhatsApp messages and exporting matched content to Feishu, but it does not warn users that message contents may contain personal, confidential, or regulated data that is being transmitted to a third-party platform. In a messaging-monitoring skill, omission of privacy and consent guidance materially increases the risk of unauthorized disclosure and noncompliant deployment.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The reset instructions include destructive file-deletion commands for data, logs, and configuration, but they are presented without a prominent warning that the operation is irreversible and may remove credentials, monitoring history, and forensic logs. This can lead to accidental loss of evidence, service disruption, or unrecoverable configuration damage by users following the guide verbatim.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The keyword list contains common terms such as '问题', '帮忙', '会议', '状态', and '进度' that are likely to appear in routine conversations. In a WhatsApp monitoring configuration, broad triggers can cause excessive or unintended message matching, leading to overcollection of chat data, noisy alerts, and possible privacy exposure beyond the intended scope.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger conditions are described broadly enough that the skill may activate on vague WhatsApp-related requests without clear user intent boundaries. In a monitoring skill that handles private communications, ambiguous activation increases the risk of unintentional surveillance or export actions being initiated when the user did not explicitly request them.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill description advertises monitoring WhatsApp messages and exporting them to Feishu without prominently warning users that private message content may be collected, processed, and sent to an external system. This is dangerous because users or operators may enable the skill without understanding the privacy, compliance, and consent implications of cross-platform message exfiltration.

Missing User Warnings

High
Confidence
94% confidence
Finding
The documentation describes event-triggered monitoring upon receipt of WhatsApp messages via webhook, but it does not include any consent, privacy, or authorization warning. Because this implies potentially continuous or automatic interception of message events, the absence of clear constraints materially raises the risk of unauthorized monitoring of personal or regulated communications.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The guide enables monitoring, retrieving, and sending WhatsApp messages, including message content, sender identities, and chat metadata, but provides only minimal generic security notes and does not adequately warn about privacy, consent, retention, or legal/compliance obligations. In a messaging-integration skill, this omission can lead users to deploy surveillance-like capabilities or mishandle personal data without appropriate safeguards, increasing privacy and regulatory risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code persists matched message contents to a local JSON file, which can include sensitive communications, sender data, and keywords, but there is no consent flow, notice, retention control, encryption, or access restriction in this component. In a message-monitoring skill, silent local storage increases privacy and data-exposure risk if the host is shared, compromised, or backed up to less-trusted locations.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This code exports monitored WhatsApp message content, sender information, matched keywords, attachments, and chat links to Feishu in bulk without any consent check, privacy notice, minimization step, or approval gate in this file. Because the data is likely sensitive communications content, automatic cross-platform exfiltration to a third-party service can create privacy, compliance, and insider-monitoring risks if users or monitored parties are unaware.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The client constructs `self.base_url` with `http://` and uses it for message retrieval, sending, and contact/chat enumeration, which exposes WhatsApp content and metadata to interception or modification by anyone on the network path. In a messaging-monitoring context, this is especially dangerous because it can leak sensitive communications, contact lists, and enable tampering with responses if the service is not strictly confined to a trusted local channel.

Ssd 3

High
Confidence
98% confidence
Finding
The documentation plainly instructs users to collect private WhatsApp messages, sender details, and matched keywords and send them into an external Feishu table. This creates a direct data-exfiltration and privacy-risk workflow, especially because message content from personal or group chats may include sensitive personal, corporate, or regulated information.

Ssd 3

High
Confidence
97% confidence
Finding
The workflow operationalizes ongoing surveillance by directing periodic chat checks, local storage of matching messages, and later export to Feishu. This is dangerous because it enables persistent monitoring and staged transfer of private communications, increasing both the likelihood and scale of unauthorized disclosure if the system is misused, compromised, or deployed without consent.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# WhatsApp Monitor 依赖包
aiohttp>=3.8.0
pydantic>=2.0.0
python-dateutil>=2.8.0
requests>=2.28.0
Confidence
94% confidence
Finding
aiohttp>=3.8.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# WhatsApp Monitor 依赖包
aiohttp>=3.8.0
pydantic>=2.0.0
python-dateutil>=2.8.0
requests>=2.28.0
pyyaml>=6.0
Confidence
94% confidence
Finding
pydantic>=2.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# WhatsApp Monitor 依赖包
aiohttp>=3.8.0
pydantic>=2.0.0
python-dateutil>=2.8.0
requests>=2.28.0
pyyaml>=6.0
Confidence
90% confidence
Finding
python-dateutil>=2.8.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
aiohttp>=3.8.0
pydantic>=2.0.0
python-dateutil>=2.8.0
requests>=2.28.0
pyyaml>=6.0
Confidence
95% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pydantic>=2.0.0
python-dateutil>=2.8.0
requests>=2.28.0
pyyaml>=6.0
Confidence
96% confidence
Finding
pyyaml>=6.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
logger = setup_logging()
    
    requirements = """# WhatsApp Monitor 依赖包
aiohttp>=3.8.0
pydantic>=2.0.0
python-dateutil>=2.8.0
requests>=2.28.0
Confidence
88% confidence
Finding
aiohttp>=3.8.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requirements = """# WhatsApp Monitor 依赖包
aiohttp>=3.8.0
pydantic>=2.0.0
python-dateutil>=2.8.0
requests>=2.28.0
pyyaml>=6.0
Confidence
88% confidence
Finding
pydantic>=2.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requirements = """# WhatsApp Monitor 依赖包
aiohttp>=3.8.0
pydantic>=2.0.0
python-dateutil>=2.8.0
requests>=2.28.0
pyyaml>=6.0
"""
Confidence
88% confidence
Finding
python-dateutil>=2.8.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
aiohttp>=3.8.0
pydantic>=2.0.0
python-dateutil>=2.8.0
requests>=2.28.0
pyyaml>=6.0
"""
Confidence
90% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pydantic>=2.0.0
python-dateutil>=2.8.0
requests>=2.28.0
pyyaml>=6.0
"""
    
    try:
Confidence
90% confidence
Finding
pyyaml>=6.0

Known Vulnerable Dependency: aiohttp — 10 advisory(ies): CVE-2024-52303 (aiohttp has a memory leak when middleware is enabled when requesting a resource ); CVE-2026-34514 (AIOHTTP has CRLF injection through multipart part content type header constructi); CVE-2026-34517 (AIOHTTP has late size enforcement for non-file multipart fields causes memory Do) +7 more

High
Category
Supply Chain
Confidence
91% confidence
Finding
aiohttp

Known Vulnerable Dependency: pydantic — 3 advisory(ies): CVE-2021-29510 (Use of "infinity" as an input to datetime and date fields causes infinite loop i); CVE-2024-3772 (Pydantic regular expression denial of service); CVE-2021-29510 (Pydantic is a data validation and settings management using Python type hinting.)

High
Category
Supply Chain
Confidence
87% confidence
Finding
pydantic

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal