Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chat History Local

v1.0.0

Search past WhatsApp/chat conversations stored in the audit log PostgreSQL database. Use when the user asks about past conversations, what was discussed, wha...

by Netanel Abergel (@netanel-abergel)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md clearly describes searching a local PostgreSQL audit DB for WhatsApp/chat messages, which matches the skill name and description. However, the instructions require a specific psql binary path and PostgreSQL 18 (LC_ALL=C /opt/homebrew/.../psql), but the skill metadata declares no required binaries — that's an inconsistency between declared requirements and actual runtime expectations.
Instruction Scope
The instructions are narrowly scoped to constructing and running SQL queries against the local openclaw_audit.messages table, with templates for FTS, chat/date filters, and reply behavior. They do not instruct contacting external endpoints or reading unrelated system files. They do assume the agent will execute psql on the host and will run arbitrary SQL queries against the DB (which has sensitive chat content).
Install Mechanism
There is no install spec (instruction-only), so nothing new is written to disk. This is low-risk from an install perspective. The instruction to use a specific local psql binary is operational guidance, not an installer.
Credentials
The skill declares no environment variables or credentials, yet the SKILL.md hardcodes DB connection parameters (127.0.0.1:15432, user 'postgres', DB 'openclaw_audit') and expects password-less or local-auth PostgreSQL access. That implicit credential/access assumption should be explicit; reading the messages table gives access to sensitive personal conversations, so the privilege implied is significant even if no env vars are listed.
Persistence & Privilege
The skill does not request always: true and has no install step that persists on disk. It would be invoked at runtime and may run psql commands; autonomous invocation is allowed by default (not unusual) but combined with DB access this increases potential impact.
What to consider before installing
This skill queries a local PostgreSQL audit DB containing sensitive WhatsApp/chat messages. Before installing, confirm you actually want an agent that can run psql on your host and read message rows. Pay attention to these points:
- The SKILL.md expects the Postgres 18 psql binary at a specific path but the skill metadata lists no required binaries; verify psql is available at that location or adjust the metadata.
- The DB host/port/user are hardcoded (127.0.0.1:15432, user=postgres, db=openclaw_audit). Ensure that access to that DB is intended and that authentication (password/.pgpass/peer auth) is configured safely.
- The agent will be able to run arbitrary SELECT queries you or the skill instructs; these will expose private conversations. Only enable the skill if you trust it and want the agent to access those messages.
- If you are concerned about autonomous queries, disable autonomous invocation or restrict the skill's usage to interactive/manual runs; consider adding explicit required-binaries and credential metadata so the skill's footprint matches its runtime needs.
- If you need higher assurance, ask the publisher for provenance (source/homepage) and for the skill to declare required binaries/credentials explicitly.

Like a lobster shell, security has layers — review code before you run it.

latestvk97692vtjaq4r90cbp1j926fq5843cg2
