whatsap-pro

Security checks across malware telemetry and agentic risk

Overview

This is a coherent WhatsApp customer-support skill, but it handles customer contact details and business messaging credentials, so it needs careful configuration and privacy notice.

Install this only for a business that intends to automate WhatsApp support. Use a dedicated revocable Meta token, verify the owner phone and escalation destination, restrict owner-only commands, add a customer privacy notice, and define how long ticket data is kept.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly instructs forwarding the full customer conversation, customer name, and phone number to the business owner via external messaging channels, but the description does not warn users that this disclosure occurs. This creates a privacy and data-handling risk because customers may assume they are communicating only with the business chatbot rather than being redistributed to other channels or recipients.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill specifies storing open tickets in agent memory with customer phone number, category, timestamp, and status, but does not disclose this persistence to users. Undisclosed retention of customer support data increases privacy, compliance, and misuse risk, especially when tied to identifiable phone numbers.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal