Trust Assessment
whatsapp-telegram-calendar-alert received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 13 findings: 4 critical, 5 high, 4 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Missing required field: name, Persistence mechanism: macOS LaunchAgent.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (13)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions. macOS LaunchAgent/LaunchDaemon persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/vincent-labarthe/whatsapp-telegram-calendar-alert/SKILL.md:64 |
| CRITICAL | Persistence / self-modification instructions. macOS LaunchAgent/LaunchDaemon persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/vincent-labarthe/whatsapp-telegram-calendar-alert/SKILL.md:65 |
| CRITICAL | Persistence / self-modification instructions. macOS LaunchAgent/LaunchDaemon persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/vincent-labarthe/whatsapp-telegram-calendar-alert/setup.sh:125 |
| CRITICAL | Persistence / self-modification instructions. macOS LaunchAgent/LaunchDaemon persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/vincent-labarthe/whatsapp-telegram-calendar-alert/setup.sh:157 |
| HIGH | Persistence mechanism: macOS LaunchAgent. Detected macOS LaunchAgent pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/vincent-labarthe/whatsapp-telegram-calendar-alert/SKILL.md:64 |
| HIGH | Persistence mechanism: macOS LaunchAgent. Detected macOS LaunchAgent pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/vincent-labarthe/whatsapp-telegram-calendar-alert/SKILL.md:65 |
| HIGH | Persistence mechanism: macOS LaunchAgent. Detected macOS LaunchAgent pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/vincent-labarthe/whatsapp-telegram-calendar-alert/setup.sh:125 |
| HIGH | Persistence mechanism: macOS LaunchAgent. Detected macOS LaunchAgent pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/vincent-labarthe/whatsapp-telegram-calendar-alert/setup.sh:157 |
| HIGH | Unpinned Docker Image Dependency. The `setup.sh` script uses the `devlikeapro/waha:latest` Docker image. Relying on the `latest` tag means that the skill uses an unpinned dependency. A malicious update to this Docker image by its maintainer could introduce vulnerabilities, backdoors, or other harmful code without the user's explicit knowledge or action, leading to a supply chain attack. This could compromise the host system where the Docker container is running. Pin the Docker image to a specific, immutable version (e.g., `devlikeapro/waha:1.2.3` or `devlikeapro/waha@sha256:hash`). Regularly review and update the pinned version to incorporate security patches and ensure stability. | LLM | setup.sh:39 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/vincent-labarthe/whatsapp-telegram-calendar-alert/SKILL.md:1 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/vincent-labarthe/whatsapp-telegram-calendar-alert/setup.sh:16 |
| MEDIUM | Sensitive Credentials Stored in Local .env File. The `setup.sh` script extracts the `WAHA_API_KEY` from Docker logs and prompts the user for their `TELEGRAM_CHAT_ID`, then stores both in a plain-text `.env` file (`~/.openclaw/workspace/.whatsapp-messages/.env`). While the skill states this file is 'not committed to git', its presence on the local filesystem makes these credentials vulnerable to exfiltration if the user's machine is compromised by malware or other local attackers. The extraction of the API key from Docker logs is also a sensitive operation. Consider using more secure methods for storing sensitive credentials, such as a system keyring, environment variables managed by a secrets manager, or prompting for credentials at runtime rather than storing them persistently on disk. If local file storage is necessary, ensure the file permissions are strictly set (e.g., `chmod 600`) and consider encrypting the file at rest. | LLM | setup.sh:50 |
| MEDIUM | Unencrypted Storage of Sensitive User Data (WhatsApp Messages). The `message-store.js` script, created and run by `setup.sh`, stores all incoming WhatsApp messages (excluding those sent by the user) in a plain-text file named `messages.jsonl` located at `~/.openclaw/workspace/.whatsapp-messages/messages.jsonl`. This file contains potentially highly sensitive personal communications. While the data is stored locally and the webhook is configured to `host.docker.internal` (limiting network exposure), the unencrypted storage of this data on disk makes it a high-value target for any local attacker or malware that gains access to the user's filesystem. Implement encryption for the `messages.jsonl` file at rest. This could involve using a file-level encryption system or encrypting the content before writing it to the file. Ensure that access to this directory and file is restricted with appropriate filesystem permissions. Consider implementing data retention policies to automatically delete old messages. | LLM | setup.sh:67 |
Full report: https://skillshield.io/report/8c2910403692885c