ClawHub

WhatsApp HappyBDay

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can continuously read WhatsApp group chats and send messages from the user's account with weak scoping and a command-injection risk.

Review carefully before installing. Keep BIRTHDAY_SIMULATE=true until tested, use it only in groups where participants have agreed to automated monitoring, avoid sensitive chats, and do not enable the cron job or real sending unless you accept ongoing background reads and possible automated posts. A safer version would add a group allowlist, remove shell=True, and require approval before each real WhatsApp message.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_wacli_command(cmd):
    """Execute wacli command"""
    try:
        result = subprocess.run(cmd, shell=True, capture_output=True, text=True, encoding='utf-8', errors='replace', timeout=60)
        return result.stdout, result.stderr, result.returncode
    except Exception as e:
        return "", str(e), 1
Confidence
99% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, encoding='utf-8', errors='replace', timeout=60)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill requests and documents capabilities to read environment variables, read/write local files, and invoke shell commands, but does not declare permissions explicitly. That mismatch reduces transparency and weakens policy enforcement, especially for a skill that monitors chats, stores state, and can trigger outbound WhatsApp actions through external tooling.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The helper wraps arbitrary shell execution and is then used for WhatsApp CLI operations with interpolated values. In the context of a message-monitoring bot, this makes the skill materially more dangerous because chat-derived content can flow into shell commands, turning a simple automation into a command-execution primitive.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README promotes continuous monitoring of WhatsApp group messages and automatic outbound messaging, but it does not clearly disclose the privacy, consent, and policy implications of scanning private group conversations. In this context, the omission is security-relevant because users may deploy the skill without understanding that it processes personal communications and inferred personal events, increasing the risk of unauthorized surveillance or non-compliant data handling.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases are broad enough to match normal user requests about WhatsApp or congratulating someone, which can cause the skill to activate unexpectedly. In this skill's context, accidental activation is more dangerous because the skill monitors group content and may send messages on the user's behalf.

Missing User Warnings

High
Confidence
97% confidence
Finding
The description and user-facing setup do not prominently warn that the skill continuously monitors WhatsApp groups and may automatically send messages as the user. This is a significant consent and transparency issue because users may install or invoke it without understanding the privacy implications and autonomous outbound behavior.

Session Persistence

Medium
Category
Rogue Agent
Content
```

### 2. Automated Execution (Cron Job)
Create a cron job to run the monitor script periodically (e.g., every hour between 8 AM and 8 PM). Run this in your terminal:

```bash
openclaw cron add \
Confidence
93% confidence
Finding
Create a cron job to

Session Persistence

Medium
Category
Rogue Agent
Content
```

### 2. Automated Execution (Cron Job)
Create a cron job to run the monitor script periodically (e.g., every hour between 8 AM and 8 PM). Run this in your terminal:

```bash
openclaw cron add \
Confidence
93% confidence
Finding
Create a cron job to run the monitor script periodically (e.g., every hour between 8 AM and 8 PM). Run this in your terminal: ```bash openclaw cron add \ --name "WhatsApp HappyBDay Monitor" \ --c

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal