Security audit

whatclaw-whatsapp-integration

Security checks across malware telemetry and agentic risk

Overview

This WhatsApp skill does what it says, but users should treat sends and stored contact/message data as sensitive.

Install only if you are comfortable with this skill sending WhatsApp messages from your connected OpenClaw account. Keep whitelist sets small and reviewed, avoid using it from shared directories or shared machines, protect or delete the local data files when no longer needed, and make sure the openclaw command in PATH is the trusted OpenClaw CLI.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (3)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill documentation states that whitelist and message-tracking data are stored in local files, but it does not clearly warn users about the privacy and security implications of persisting phone numbers and message metadata on disk. This can lead to accidental exposure through weak filesystem permissions, backups, shared workspaces, or multi-user environments, especially because phone numbers and message status data are sensitive operational data.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The script can send WhatsApp messages to every number in a stored set immediately after parsing a natural-language command, with no confirmation, dry-run, or explicit user warning about recipients and content. In an agent skill context, this increases the risk of unintended external communication, privacy leakage, spam, or social-engineering messages being sent if the command is mis-triggered or the caller is not properly authorized.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The script silently creates and maintains local JSON files containing phone-number whitelists and message metadata, including recipient numbers, message IDs, and timestamps, without any notice, retention controls, or access protections. In a shared host or agent runtime, this can expose sensitive contact and communication metadata to other local users, backups, logs, or later compromise of the filesystem.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical

Code: suspicious.dangerous_exec
Location: word-trigger.js:66