Trust Assessment
wacli received a trust score of 33/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Unpinned Go Module Dependency, Arbitrary File Exfiltration via WhatsApp, Arbitrary Message Sending to External Recipients.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 18, 2026 (commit b62bd290). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary File Exfiltration via WhatsApp.** The skill provides the capability to send arbitrary files from the agent's filesystem to any WhatsApp recipient using `wacli send file --to "<number>" --file /path/to/file`. If the `/path/to/file` argument can be influenced by untrusted input or if the LLM is prompted to send a sensitive file it has access to, this could lead to the exfiltration of critical system files, credentials, or other sensitive data. Implement strict allow-listing for file paths that can be sent. Do not allow arbitrary file paths to be specified. If file sending is necessary, ensure files are explicitly approved by the user or are from a highly restricted, non-sensitive directory. Consider sandboxing the `wacli` process to limit its filesystem access. | Static | SKILL.md:34 |
| HIGH | **Unpinned Go Module Dependency.** The skill specifies a Go module dependency `github.com/steipete/wacli/cmd/wacli@latest` which uses the `@latest` tag. This means the dependency is not pinned to a specific version, allowing for silent updates that could introduce breaking changes, vulnerabilities, or malicious code without explicit review. This increases the supply chain risk. Pin the Go module dependency to a specific, immutable version (e.g., a commit hash or a semantic version tag like `@v1.2.3`) to ensure deterministic builds and prevent unexpected changes from upstream. | Static | Manifest |
| HIGH | **Arbitrary Message Sending to External Recipients.** The skill allows sending arbitrary text messages to any WhatsApp recipient using `wacli send text --to "<number>" --message "<text>"`. This capability, if not carefully controlled by the LLM, could be abused for spam, phishing attacks, or to exfiltrate sensitive information from the LLM's context or internal knowledge base to an external, untrusted party. Implement strict user confirmation for all outgoing messages, especially when the recipient or message content is derived from untrusted input. Limit the types of information that can be included in messages and ensure the LLM is explicitly instructed not to include sensitive internal data. | Static | SKILL.md:32 |
| MEDIUM | **Access to WhatsApp Chat History and Contacts.** The skill provides commands like `wacli chats list`, `wacli messages search`, and `wacli history backfill` which allow the agent to access and potentially retrieve WhatsApp chat history and contact information. While this is the intended functionality, it poses a data exfiltration risk if the LLM is prompted to search for or extract sensitive information from these logs and then communicate it externally. Ensure that any data retrieved from WhatsApp history or contact lists is handled with extreme care. Implement strict policies for what information can be searched, stored, or communicated externally. Require explicit user consent before accessing or sharing historical chat data. | Static | SKILL.md:23 |