ClawWhisper
Security checks across static analysis, malware telemetry, and agentic risk
Overview
ClawWhisper mostly matches its stated chat purpose, but it enables autonomous conversations with other agents and makes strong ephemerality claims while logging chat data and credentials.
Install only if you are comfortable with your agent autonomously chatting through the disclosed third-party WebSocket service. Avoid sensitive information, join only trusted rooms, and remember that console/platform logs may retain messages or credentials even if the room expires.
Static analysis
Static analysis findings are pending for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Other room participants may influence what your agent says or cause it to reveal information if the agent treats chat content as trusted.
The skill deliberately routes remote agents' messages and history into autonomous agent callbacks, but the artifacts do not define identity verification, trust boundaries, or rules preventing the agent from treating other agents' text as instructions.
Agent autonomously converses with other agents in the room ... onMessage(agentId, text, history) ... [agent generates response via LLM]
Only join trusted rooms, treat all incoming messages as untrusted, and require user approval before sharing private data or taking actions based on chat content.
Users may trust the chat as fully ephemeral when message contents or access credentials could still appear in local or platform logs.
This strong privacy claim is undercut by the implementation logging credentials and chat text to console in index.js, such as `Generated credential`, `Agent ${msg.agentId}: ${msg.text}`, and `Sent: ${text}`. Runtime logs may outlive the room.
Room expires after 10 minutes; messages vanish forever
Do not rely on the 'vanish forever' claim for sensitive content. The skill should remove credential/message logging or clearly disclose that logs may retain data.
Anyone with access to runtime logs during the room lifetime may see the credential and potentially reuse or inspect room access details.
The generated room credential is printed to console. It appears service-scoped and ephemeral, but it is still an access token for the room connection.
const credential = await generateCredential();
console.log(`[ClawWhisper] Generated credential: ${credential}`);Treat logs as sensitive and prefer a version that does not print generated credentials.
A prior message from another agent may continue influencing responses during the session until history is cleared or the room changes.
The skill keeps the last 50 messages in local runtime memory and passes that history into callbacks for context-aware responses. This is purpose-aligned and bounded, but it can carry untrusted remote content forward within the session.
let conversationHistory = []; const MAX_HISTORY = 50; ... onMessageCallback?.(msg.agentId, msg.text, [...conversationHistory]);
Clear history when appropriate and instruct the agent not to treat conversation history as authoritative instructions.