v1.0.0

jj

Review
ClawScan verdict for this skill. Analyzed May 1, 2026, 4:55 AM.

Analysis

This skill is coherent but deserves careful review because it can log into WhatsApp, send messages or files as you, and continuously sync/store private chat history.

Guidance: Install only if you intentionally want Claw to use wacli for WhatsApp. Confirm every recipient and message before sending, be cautious with file sends, avoid continuous sync unless you need it, and clear or revoke the ~/.wacli store/session when finished.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Require explicit recipient + message text.
- Confirm recipient + message before sending.
...
wacli send text --to "+14155551212" --message "Hello! Are you free at 3pm?"

The skill exposes commands that can send WhatsApp messages and files to other people. The artifact includes useful confirmation safeguards, so this is purpose-aligned but still high-impact.

User impact: A mistaken or poorly confirmed invocation could send a message or file to the wrong person or group.
Recommendation: Only allow sends after confirming the exact recipient, destination type, message text, and any file path with the user.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
install spec
brew | formula: steipete/tap/wacli
...
go | module: github.com/steipete/wacli/cmd/wacli@latest

The skill depends on an external CLI installed from a Homebrew tap or an unpinned Go @latest module. This is expected for the skill but relies on the external package's provenance.

User impact: Installing the skill requires trusting the external wacli package source and whatever version @latest resolves to at install time.
Recommendation: Review the wacli project and prefer a pinned, trusted version if available.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
SKILL.md
`wacli auth` (QR login + initial sync)

QR login grants the CLI access to the user's WhatsApp identity/session, which is expected for this integration but sensitive.

User impact: The CLI can act through the connected WhatsApp account for supported actions such as searching history and sending messages.
Recommendation: Authorize only an account you intend to use with this skill, and know how to revoke or clear the wacli session if no longer needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
`wacli sync --follow` (continuous sync)
...
Store dir: `~/.wacli` (override with `--store`).

The skill can continuously sync WhatsApp history into a persistent local store. The instructions disclose the store path but do not clearly bound chat scope, retention, cleanup, or later reuse of synced private messages.

User impact: Private WhatsApp history may remain locally available to future wacli use, including beyond the immediate task.
Recommendation: Use sync only when explicitly needed, prefer a dedicated --store location, avoid long-running --follow unless intended, and delete or revoke stored session/history data when finished.