Skill v2.1.8

ClawScan security

SocialEpoch WhatsApp SCRM API · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 28, 2026, 2:14 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code, declared requirements, and runtime instructions are coherent with a WhatsApp SCRM API client that needs a tenant ID and API key and stores a local config; no evidence of hidden exfiltration or unrelated credential requests was found.
Guidance
This skill appears to do what it claims (a WhatsApp SCRM client) and only requires the SocialEpoch tenant ID and API key. Before installing, consider:
1) The tool will save your API key to ~/.openclaw/scrm_config.json — treat that file as sensitive and remove or manage it if you rotate keys.
2) The script will attempt to auto-install the Python requests package via pip (may alter user/system packages); run in a controlled environment if you prefer.
3) SKILL.md says to run only in the skill directory, but the program reads/writes config in your home directory — be aware of this path.
4) Verify the API_BASE domain (api.socialepoch.com) and that you trust the service before supplying credentials.
5) If you need stronger isolation, run the skill in a sandbox, dedicated container, or machine account with minimal access.
If you want more assurance, ask the publisher for a signed release or inspect the full untruncated scrm_api.py to confirm there are no additional network endpoints or hidden behavior.

Review Dimensions

Purpose & Capability
ok: Name/description (WhatsApp SCRM) align with required env vars (SOCIALEPOCH_TENANT_ID, SOCIALEPOCH_API_KEY, SOCIALEPOCH_SOURCE), required binary (python3), and networked API calls to api.socialepoch.com. The API key as primary credential is expected for this purpose.
Instruction Scope
note: SKILL.md instructs running commands in the skill directory and describes config via env vars or set_config. The code, however, loads/saves config to a user home path (~/.openclaw/scrm_config.json) rather than the skill directory, which contradicts the 'do not search other paths' line in the doc. Aside from that mismatch, runtime behavior (making HTTPS requests, reading stated env vars, writing a local config, and only contacting api.socialepoch.com) stays within the described scope.
Install Mechanism
note: Declared install uses brew to ensure python3 — reasonable. The script also auto-installs the requests package at runtime via pip (subprocess.check_call) if missing; this is expected for a Python client but does perform network installs and can modify user/system packages depending on environment (the script passes --user and --break-system-packages on non-Windows). This is common but worth being aware of.
Credentials
ok: Only three env vars are required (tenant id, API key, source). They are directly used by the client to sign and authenticate requests; no unrelated secrets or system credentials are requested.
Persistence & Privilege
note: The skill writes a config file to ~/.openclaw/scrm_config.json and merges prior values when saving — expected for persistent credentials. The skill's "always" flag is false. This writes to a user-wide location (home directory), which is normal for a CLI tool but means stored keys are persisted on disk and shared across runs.