Security audit

whatclaw-whatsapp-integration

Security checks across malware telemetry and agentic risk

Overview

This WhatsApp skill does what it says, but users should treat sends and stored contact/message data as sensitive.

Install only if you are comfortable with this skill sending WhatsApp messages from your connected OpenClaw account. Keep whitelist sets small and reviewed, avoid using it from shared directories or shared machines, protect or delete the local data files when no longer needed, and make sure the openclaw command in PATH is the trusted OpenClaw CLI.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The skill documentation states that whitelist and message-tracking data are stored in local files, but it does not clearly warn users about the privacy and security implications of persisting phone numbers and message metadata on disk. This can lead to accidental exposure through weak filesystem permissions, backups, shared workspaces, or multi-user environments, especially because phone numbers and message status data are sensitive operational data.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The script can send WhatsApp messages to every number in a stored set immediately after parsing a natural-language command, with no confirmation, dry-run, or explicit user warning about recipients and content. In an agent skill context, this increases the risk of unintended external communication, privacy leakage, spam, or social-engineering messages being sent if the command is mis-triggered or the caller is not properly authorized.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The script silently creates and maintains local JSON files containing phone-number whitelists and message metadata, including recipient numbers, message IDs, and timestamps, without any notice, retention controls, or access protections. In a shared host or agent runtime, this can expose sensitive contact and communication metadata to other local users, backups, logs, or later compromise of the filesystem.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Severity: Critical
Code: suspicious.dangerous_exec
Location: word-trigger.js:66