Zalo Multi Send

Pass

Audited by ClawScan on May 10, 2026.

Overview

This skill appears to do its stated job, but it uses your stored Zalo login to send the files or URLs you specify, so recipients and attachments should be checked carefully.

This skill is reasonable for sending multiple attachments through Zalo, but treat it as account-authorized messaging software. Before installing or running it, confirm you trust the skill, verify the hard-coded zca-js path on your machine, and double-check the Zalo recipient ID, group flag, credential profile, and every file or URL being sent.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run with the wrong arguments or by an untrusted agent, it can send messages from your Zalo account.

Why it was flagged

The script reads a stored Zalo credential profile and logs in with cookie/session-like material to act as the user's Zalo account.

Skill content
const creds = JSON.parse(readFileSync(credsPath, "utf-8")); ... await zalo.login({ imei: creds.imei, cookie: creds.cookie, userAgent: creds.userAgent, language: creds.language });

Recommendation

Install only if you trust this skill with your Zalo account session, and verify the recipient, group flag, profile, and attachments before sending.

What this means

A mistaken recipient ID, group flag, or file path could send private content to the wrong chat.

Why it was flagged

When invoked, the script directly sends the provided caption and attachments to the specified Zalo user or group without a built-in confirmation step.

Skill content
const result = await api.sendMessage(
    { msg: args.caption, attachments },
    args.to,
    threadType
  );

Recommendation

Use an explicit confirmation workflow before running the script, especially for group messages or sensitive files.

What this means

Selected file contents leave the local machine and are delivered through Zalo to the chosen recipient or group.

Why it was flagged

The script loads local files or fetched URL contents into attachments that are then sent through Zalo to a numeric user or group ID.

Skill content
const { buf, name } = await loadFile(src); ... return { data: buf, filename: safeName, metadata: { totalSize: buf.length } };

Recommendation

Check that each file or URL is intended to be shared and that the numeric Zalo recipient ID is correct.

What this means

The skill may fail on other systems or run whatever zca-js code exists at that local path.

Why it was flagged

The script loads zca-js from a hard-coded absolute path outside the skill package rather than declaring or pinning the dependency in an install spec.

Skill content
const ZCA_PATH =
  "/home/tuan/.nvm/versions/node/v22.21.1/lib/node_modules/openclaw/extensions/zalouser/node_modules/zca-js";
const { Zalo, ThreadType } = require(ZCA_PATH);

Recommendation

Verify the zca-js path before use, and prefer a declared, pinned dependency or a documented OpenClaw-provided module path.