Whatsapp Memory

Security checks across malware telemetry and agentic risk

Overview

The skill transparently provides WhatsApp memory features, but it stores and reuses private chat information broadly enough that users should review it before installing.

Install only if you are comfortable with WhatsApp group and DM summaries, identifiers, tasks, preferences, and follow-ups being stored in local plaintext files and potentially included in cross-chat searches or briefings. Before use, define which chats may be logged, avoid secrets and sensitive personal data, set deletion and retention rules, restrict file permissions, and be careful with any git backup integration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
Although the skill is framed as maintaining separate per-conversation memory, it also provides `wa_search()` to query across all chats, which defeats strict separation at the access layer. This increases the chance of cross-chat data disclosure or inappropriate reuse of private information from unrelated conversations.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The weekly digest aggregates entries from all WhatsApp group and DM memory directories, which broadens use of retained data beyond the advertised per-conversation context function. This creates a semantic data minimization failure and can expose private DM or group details in a centralized summary.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill persistently stores WhatsApp conversation content, participant information, and preferences on disk, and later suggests git backup, but does not provide a clear privacy notice, consent model, retention policy, or security requirements. For messaging data, this omission materially increases privacy and compliance risk because users may not expect durable local storage and replication.

Ssd 3

Medium
Confidence: 89%
Finding
The skill explicitly instructs the agent to persist tasks, decisions, people data, and owner preferences into natural-language memory files. Storing conversational content and preferences in broadly readable plaintext files creates a durable leakage surface if the workspace, backups, or later prompts expose those files.

Ssd 3

Medium
Confidence: 96%
Finding
The workflow tells the agent to load prior memory into every response and to include DM follow-ups in owner briefings, which directly increases the risk of private information being surfaced outside the original conversation context. In a messaging setting, this can cause unauthorized disclosure of sensitive DM content to the owner or to unrelated conversations through prompt-context mixing.

VirusTotal

65/65 vendors flagged this skill as clean.
