Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
WhatsApp HappyBDay
v1.0.2
Monitor WhatsApp groups to dynamically detect people who should be congratulated. It identifies keywords (e.g., "birthday", "congratulations") and the person...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The code and SKILL.md match the stated purpose: the script uses wacli to read group messages, scores them against its keyword list, extracts candidate names, and optionally sends replies. The registry metadata does not match the code, however: primaryEnv is set to BIRTHDAY_MIN_MESSAGES, which is a tuning parameter rather than a credential, and the declared required env vars omit BIRTHDAY_SKIP_LIST, which both the script and the docs expect. That mismatch should be corrected.
Instruction Scope
The runtime instructions ask the agent to sync wacli, run the Python script, and create cron jobs — all coherent for the stated feature. But the SKILL.md and script use additional environment variables (e.g., BIRTHDAY_SKIP_LIST) that are not listed in requires.env. The instructions push for autonomous periodic execution and precise heartbeat behavior, which is fine for monitoring but increases risk if the script can execute arbitrary shell commands (see install_mechanism and environment_proportionality).
Install Mechanism
No install spec (instruction-only) and a small requirements.txt (python-dotenv), which is low risk in itself. However, the script shells out to wacli via subprocess.run(..., shell=True) with interpolated values: group JIDs and the generated messages. Because the message text, and the names embedded in it, are derived from group chat, any group member can influence what ends up on the command line, so this is a command-injection risk unless the inputs are validated or quoted. The skill shows no escaping or quoting safeguards.
Credentials
The skill only needs local access to wacli and a few configuration/environment variables, which is proportionate, but the registry lists only three required env vars while the SKILL.md and script rely on others (e.g., BIRTHDAY_SKIP_LIST). Marking BIRTHDAY_MIN_MESSAGES as the primary credential is incorrect and misleading. Simulation mode defaults to true (the safer setting); turning it off makes the script actually send messages, so review and limit who and what it can message before disabling simulation.
Persistence & Privilege
The skill does not request always:true and does not require system-wide privileges. It writes its own state file under ~/.openclaw/skills/whatsapp-happybday/data which is expected for state tracking. Autonomous invocation is allowed (default) which is normal for skills, but combined with other concerns (shelling out with user-derived content) increases blast radius.
What to consider before installing
- Metadata mismatch: the skill's registry metadata omits BIRTHDAY_SKIP_LIST (used by the code) from the required env vars and incorrectly lists BIRTHDAY_MIN_MESSAGES as the primary credential. Treat these as errors in the package metadata.
- Command-injection risk: the script uses subprocess.run(..., shell=True) and builds shell commands containing group JIDs and generated messages (which can include extracted names from chat text). Untrusted group content could be crafted to inject shell commands. Before enabling the skill (especially with BIRTHDAY_SIMULATE=false), either: (a) review and harden the code to use subprocess.run([...], shell=False) or properly escape/quote inputs, or (b) sandbox execution (container) and keep it in simulation mode.
- Simulation first: keep BIRTHDAY_SIMULATE=true and test extensively. Inspect messages.json and scoring_words.json defaults and your skip list to avoid unwanted sends.
- Dependency and runtime: ensure python-dotenv is installed in the environment the agent will run in; the script exits if dotenv is missing. The script also contains a hardcoded user-site path fallback which is odd but not critical.
- Autonomy and cron: because the skill is intended for periodic autonomous runs, only enable it if you are comfortable with an automated agent sending messages on your behalf. If you need help making the subprocess usage safe, look for a code fix that removes shell=True and passes an argument list, or that validates and quotes user-derived strings before embedding them in a shell command.
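The following is an added example, not the skill's own code, illustrating the command-injection point raised under Install Mechanism and in the list above: the same chat-derived message run through shell=True versus an argument list, plus the shlex.quote fallback when a shell cannot be avoided. To keep it runnable offline, echo stands in for wacli, and the argument order [binary, jid, message] is a hypothetical shape, not wacli's real CLI. The JID regex is an assumption about WhatsApp JID syntax, and the BIRTHDAY_SIMULATE parsing is assumed rather than taken from the script.

```python
"""Added example (not the skill's code): why shell=True with interpolated chat
text is injectable, and two fixes. ``echo`` stands in for wacli so this runs
offline; the argument order [binary, jid, message] is a hypothetical shape,
not wacli's real CLI. The JID regex is an assumption about WhatsApp JID
syntax (digits, optional -digits, then @g.us or @s.whatsapp.net)."""
import re
import shlex
import subprocess

# Constructed sample inputs. The "name" is what a group member could plant in
# chat so that the skill's name extraction picks it up verbatim.
GROUP_JID = "120363012345678901@g.us"
MALICIOUS_NAME = "Sam $(echo INJECTED)"

# Assumed JID format; a real deployment should confirm against wacli's output.
JID_RE = re.compile(r"^[0-9]{5,20}(?:-[0-9]{1,20})?@(?:g\.us|s\.whatsapp\.net)$")
# Allow-list for extracted names: word chars, space, apostrophe, dot, hyphen.
NAME_RE = re.compile(r"^[\w' .-]{1,64}$")


def build_message(name: str) -> str:
    """Message text as the skill would generate it from an extracted name."""
    return f"Happy birthday, {name}!"


def is_valid_jid(jid: str) -> bool:
    return JID_RE.fullmatch(jid) is not None


def is_safe_name(name: str) -> bool:
    return NAME_RE.fullmatch(name) is not None


def send_vulnerable(jid: str, message: str, binary: str = "echo") -> str:
    """The flagged pattern: one interpolated string handed to /bin/sh.
    $(...) inside the message is command substitution and runs before echo does."""
    cmd = f"{binary} {jid} {message}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=True)
    return out.stdout.strip()


def send_hardened(jid: str, message: str, binary: str = "echo") -> str:
    """Fix (a): argv list, no shell. Each element reaches the binary as exactly
    one argument, so shell metacharacters in the message are inert. The JID is
    still validated because it is the field that selects the recipient."""
    if not is_valid_jid(jid):
        raise ValueError(f"refusing recipient that is not a JID: {jid!r}")
    argv = [binary, jid, message]
    out = subprocess.run(argv, capture_output=True, text=True, check=True)
    return out.stdout.strip()


def send_quoted(jid: str, message: str, binary: str = "echo") -> str:
    """Fallback if a shell is unavoidable: shlex.quote every untrusted piece."""
    if not is_valid_jid(jid):
        raise ValueError(f"refusing recipient that is not a JID: {jid!r}")
    cmd = " ".join([binary, shlex.quote(jid), shlex.quote(message)])
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=True)
    return out.stdout.strip()


def simulate_enabled(env: dict) -> bool:
    """Assumed parsing of BIRTHDAY_SIMULATE: anything but an explicit false keeps
    simulation on, matching the safe default the scan describes."""
    return env.get("BIRTHDAY_SIMULATE", "true").strip().lower() not in ("0", "false", "no")


if __name__ == "__main__":
    msg = build_message(MALICIOUS_NAME)
    print("vulnerable:", send_vulnerable(GROUP_JID, msg))   # ... Sam INJECTED!
    print("hardened:  ", send_hardened(GROUP_JID, msg))     # ... Sam $(echo INJECTED)!
    print("quoted:    ", send_quoted(GROUP_JID, msg))       # same literal text as hardened
    print("name ok?   ", is_safe_name(MALICIOUS_NAME))      # False
```

Run it and compare the first two lines: the shell version prints INJECTED because the substitution executed; the argv version prints the `$(...)` text unchanged because nothing ever parsed it as shell. Applying is_safe_name to extracted names before they reach build_message rejects the crafted input outright, which is the cheapest check to add to the skill regardless of how wacli is invoked.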
Tags: automation, birthday, latest, whatsapp
Runtime requirements
Bins: python3
Env: BIRTHDAY_MIN_MESSAGES, BIRTHDAY_CONFIDENCE_THRESHOLD, BIRTHDAY_SIMULATE
Primary env: BIRTHDAY_MIN_MESSAGES
