ClawHub

CMI CPaaS - WhatsApp OTP Sender

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it claims, but it handles OTP-sending credentials in a risky way and disables normal network protections.

Review before installing. Use only least-privilege or test CMI credentials, avoid pasting long-lived secrets into chat or shell history, confirm the recipient before sending, and do not use this in production unless your security or operations team accepts the disabled TLS verification and proxy-bypass behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill asks the user to provide highly sensitive API credentials directly in conversation, but does not warn against exposing them in chat logs or provide a secure secret-entry mechanism. Because the same skill also uses shell and network operations, these credentials could be mishandled, logged, reused, or exfiltrated if the environment is compromised or the agent behavior is unsafe.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script sends highly sensitive data—access credentials, application secret, phone number, and OTP—to an external third-party API, but provides only a generic log message and no clear disclosure or minimization of what leaves the environment. In a skill context, this is dangerous because users or calling systems may unknowingly expose secrets and authentication factors to an external service, creating confidentiality and compliance risk if the endpoint, logs, or surrounding orchestration are not tightly controlled.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal