Skill v0.1.0
ClawScan security
WA Relay · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 8, 2026, 6:49 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions are coherent with a WhatsApp relay/firewall: it is instruction-only, asks to read/write agent memory and config for owner identification and message logs, and does not request unrelated credentials or install code.
- Guidance: This skill appears to do what it says, but before installing: (1) confirm the agent's 'message' and transcription tools are trusted and won’t send data to unexpected external endpoints; (2) be aware wa-relay-log.md will store third-party messages — decide on retention, encryption, or deletion policies; (3) ensure SOUL.md/USER.md are the right place for your owner number and that the skill only reads the minimum required fields; (4) test in a safe environment to verify the 'NO_REPLY' behavior is implemented as intended and does not inadvertently leak context. If you need stronger privacy, require the skill to encrypt logs or restrict where logs are stored.
Review Dimensions
- Purpose & Capability (ok): Name/description match the instructions: the skill mediates WhatsApp inbound/outbound messages, logs conversations, and requires the owner's WhatsApp number in agent config. No unrelated credentials, binaries, or installs are requested.
- Instruction Scope (note): SKILL.md instructs the agent to notify the owner via a 'message' tool and to transcribe audio (whisper or built-in). It also instructs reading SOUL.md/USER.md for owner number and maintaining memory/wa-relay-log.md. These file and tool accesses are expected for a relay but are important runtime surface area to be aware of (reads/writes agent memory/config and uses external messaging/transcription tools).
- Install Mechanism (ok): Instruction-only; no install spec, no downloads, no code files — lowest risk from install mechanism.
- Credentials (note): The skill does not request environment variables or credentials, but it requires access to agent config files (SOUL.md/USER.md) and write access to memory/wa-relay-log.md. This is proportionate to logging and owner-identification, but the log will store third-party message content so consider privacy/retention controls.
- Persistence & Privilege (ok): always is false and the skill does not request elevated persistent privileges or to modify other skills. Autonomous invocation is allowed (platform default) but not combined with other concerning factors.
