Back to skill

Security audit

PAPI - WhatsApp API

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only WhatsApp API skill with powerful but clearly advertised messaging, group, catalog, instance, and webhook features.

Install only if you intend to let an agent assist with a PAPI/WhatsApp automation account. Keep the API key private, confirm sends and group/catalog/instance changes deliberately, and configure webhooks or WebSockets only for trusted HTTPS/WSS destinations allowed to receive WhatsApp event data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This skill exposes high-risk capabilities such as sending WhatsApp messages, creating and deleting instances, managing groups, and configuring webhooks, but it does not warn users about the destructive, privacy, and abuse implications of those operations. In an agent context, the absence of explicit safety guidance increases the chance of accidental spam, unauthorized messaging, unintended instance deletion, or unsafe webhook configuration by downstream users or agents.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The webhook and WebSocket documentation instructs users to forward message and event data to external endpoints but does not warn that these payloads may contain sensitive communications, metadata, or identifiers. In a WhatsApp automation context, this omission increases the risk of accidental data leakage to third parties, insecure endpoint handling, and privacy noncompliance because operators may enable integrations without understanding the exposure boundary.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.