WA Relay

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only WhatsApp relay skill with disclosed, purpose-aligned message handling, but users should treat its logging and forwarding behavior as privacy-sensitive.

Install only if you are comfortable with the agent reading, relaying, transcribing, and logging WhatsApp communications from third parties. Verify the owner number before use, require clear confirmation before any outbound or group message, and periodically purge or minimize wa-relay-log.md if it may contain sensitive personal or business information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 91%
Finding: The skill relays, transcribes, describes, and persistently logs third-party WhatsApp content, but it does not include an explicit privacy notice, retention policy, or consent guidance. This creates a real privacy/compliance risk because sensitive messages, media details, and transcripts may be stored and forwarded without clear disclosure to the owner or safeguards for third parties.

Missing User Warnings

Medium
Confidence: 92%
Finding: The example explicitly instructs the agent to transcribe a third party's audio message and forward the contents to the owner without any notice, consent boundary, or minimization guidance. Because this skill is specifically designed to process communications from non-owner contacts, the lack of privacy safeguards increases the risk of unauthorized processing of sensitive voice content and derived text.

Missing User Warnings

Medium
Confidence: 94%
Finding: The examples direct the agent to log message contents to wa-relay-log.md, which creates persistent storage of private third-party WhatsApp communications without any disclosure, retention limit, or access-control warning. In a relay/firewall skill, this is more dangerous because the system systematically captures conversations from non-owner contacts, potentially accumulating sensitive personal or business data.

Ssd 3

Medium
Confidence: 96%
Finding: The skill explicitly requires storing full third-party messages, audio transcripts, and media descriptions in a persistent log and replaying them to the owner. Persistent storage of potentially sensitive communications expands the blast radius of compromise, increases accidental disclosure risk, and may violate data minimization expectations or regulatory obligations.

Exfiltration Commands

High
Category: Prompt Injection
Content:
Natural language commands the agent should recognize:

- "Reply to Martín: [message]" → Send message to Martín
- "Tell Banana that..." → Send message to Banana
- "What did Martín say?" → Check wa-relay log
- "Show me recent messages" → Summarize recent third-party messages
- "Forward that to Martín" → Forward last relevant content to Martín
Confidence: 84%
Finding: Send message to

VirusTotal

66/66 vendors flagged this skill as clean.
