openclaw-whatsapp-gif

The OpenClaw WhatsApp GIF skill is classified as benign. It demonstrates robust security practices, including strict host whitelisting for all network requests and media downloads (enforced by `is_allowed_host` and `allowedMediaHosts` in `policy.json`), content filtering for search results, and validation of downloaded media size and type. Risky features like web scraping (`search_tenor_web` in `scripts/find_gif.py`) and remote URL fallback are disabled by default in `references/policy.json`. There is no evidence of intentional data exfiltration, persistence mechanisms, or prompt injection attempts in `SKILL.md`.