WhatsApp Local Endpoints Router
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: whatsapp-local-endpoints-router
Version: 1.0.0
In its `decode` mode, `scripts/route_whatsapp.sh` passes the `$ARG` value, intended to be an image file path, into `curl -F "image=@$ARG"`. Because `$ARG` is double-quoted, the shell neither word-splits nor executes it, so this is not a shell-injection or remote-code-execution primitive. What `$ARG` does control is which local file curl reads and uploads: any file readable by the user running the skill, not only a QR image, can be sent to whatever `BASE_URL` points to (by default `localhost:8080`), and curl's `-F` field syntax still interprets a `;filename=` or `;type=` suffix inside the value. If a caller can control `$ARG` or `BASE_URL`, the practical exposure is therefore exfiltration of arbitrary readable files to the configured endpoint, not command execution on the host.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
WhatsApp text entered through the skill will be sent to the configured local service for processing.
The skill executes a shell script that sends user-provided WhatsApp text to an HTTP endpoint. This is expected for the router's purpose, and the text is JSON-encoded before it is sent, but it is still network-capable tool use.
curl --silent --show-error --max-time "$TIMEOUT" ... -X POST "$BASE_URL/process" ... -d "$PAYLOAD"
Only use this skill when you trust the local endpoint and understand what it will do with the submitted text.
A selected QR image, and any content inside it, may be sent to whatever service BASE_URL points to.
The destination defaults to localhost, but it can be changed through BASE_URL, and image files are uploaded to that configured endpoint. This is purpose-aligned but makes the endpoint boundary important.
BASE_URL="${BASE_URL:-http://localhost:8080}" ... -F "image=@$ARG"
Verify that BASE_URL is unset or points to a trusted local service before routing private WhatsApp images.
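Added example, not code from the whatsapp-local-endpoints-router skill or from this scan: the input checks a hardened route_whatsapp.sh could run before the two curl calls quoted above, covering both the text route to BASE_URL and the image upload through -F "image=@$ARG". The loopback-only allowlist, the PNG/JPEG restriction, the /decode upload path and the TIMEOUT default are assumptions chosen for this example, not settings taken from the skill.

```shell
#!/usr/bin/env sh
# Added example, not code from the whatsapp-local-endpoints-router skill.
# Input checks a hardened route_whatsapp.sh could run before
#   curl ... -X POST "$BASE_URL/process" -d "$PAYLOAD"   (text mode)
#   curl ... -F "image=@$ARG"                            (decode mode)
# Assumptions (ours, not the skill's): only plain-http loopback endpoints
# are acceptable, uploads must be PNG or JPEG, and the upload path is /decode.

# Accept only http://localhost or http://127.0.0.1, optionally with a port.
# A path, query, extra colon or userinfo (http://localhost@evil.example:80)
# is rejected, so a mis-set BASE_URL cannot quietly turn the router into an
# exfiltration channel.
check_base_url() {
  case "$1" in
    http://localhost|http://127.0.0.1) return 0 ;;
    http://localhost:*) port=${1#http://localhost:} ;;
    http://127.0.0.1:*) port=${1#http://127.0.0.1:} ;;
    *) return 1 ;;
  esac
  case "$port" in
    ''|*[!0-9]*) return 1 ;;   # empty port, or anything besides digits
  esac
  [ "${#port}" -le 5 ] && [ "$port" -le 65535 ]
}

# The path lands inside curl's -F field syntax, where ';' introduces
# ;filename= / ;type= options and ',' and '"' act as separators and quoting,
# so those characters are rejected outright. The file must then be a
# regular, readable file whose first bytes are a PNG or JPEG header, so an
# arbitrary readable file (a key, a config) cannot be routed to BASE_URL
# just by naming it.
check_image_arg() {
  p=$1
  [ -n "$p" ] || return 1
  case "$p" in
    *[';,"<']*|*[[:cntrl:]]*) return 1 ;;
  esac
  [ -f "$p" ] && [ -r "$p" ] || return 1
  magic=$(head -c 4 "$p" | od -An -tx1 | tr -d ' \n')
  case "$magic" in
    89504e47) return 0 ;;   # PNG signature
    ffd8ff*)  return 0 ;;   # JPEG SOI marker
    *)        return 1 ;;
  esac
}

# Validate both inputs and only then build the curl invocation. The path is
# still passed through -F "image=@..." exactly as the skill does; the checks
# above are what make that safe. /decode and the TIMEOUT default are
# assumptions for this example.
route_image() {
  base=${BASE_URL:-http://localhost:8080}
  check_base_url "$base" || { echo "refusing BASE_URL: $base" >&2; return 1; }
  check_image_arg "$1" || { echo "refusing image path: $1" >&2; return 1; }
  curl --silent --show-error --max-time "${TIMEOUT:-10}" \
       -X POST "$base/decode" -F "image=@$1"
}

# Usage: sh check_route.sh /path/to/qr.png   (BASE_URL and TIMEOUT optional)
[ "$#" -eq 0 ] || route_image "$1"
```

The magic-byte check is deliberately stricter than an extension check: a symlink named qr.png that points at ~/.ssh/id_rsa passes `-f`, but its first bytes are not an image header, so it is refused before curl ever opens it.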
The skill may fail or behave differently on systems where bash, python3 or curl is not available.
The script depends on bash, python3, and curl, while the registry metadata declares no required binaries. This is not malicious, but the runtime prerequisites are under-declared.
#!/usr/bin/env bash ... PAYLOAD="$(python3 - <<'PY' "$ARG" ... curl --silent --show-error
Confirm bash, curl, and python3 are present and expected on the host running the skill.
