Security Audit

whatsapp-ultimate

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

whatsapp-ultimate received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill describes ability to access arbitrary file paths for sending and importing.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

85%

Behavioral Risk Signals

Filesystem Write

1 finding

Excessive Permissions

1 finding

Security Findings1

Severity	Finding	Layer	Location
HIGH	Skill describes ability to access arbitrary file paths for sending and importing The skill's documentation indicates that it can send various media types (images, stickers, voice notes, GIFs) and set group icons using a `filePath` parameter (e.g., `filePath=/path/to/image.jpg`). Additionally, the `whatsapp_history` tool is described as being able to import chat exports from an arbitrary `path` (e.g., `path="/path/to/exports"`). If the underlying skill implementation allows an AI agent to specify arbitrary file paths on the host system, this capability could be exploited for data exfiltration (e.g., reading sensitive system files like `/etc/passwd` or user data) or for writing to sensitive locations if the underlying file operations are not read-only. This grants the AI agent excessive permissions over the host filesystem. The skill implementation should restrict file access to a designated, sandboxed directory (e.g., a temporary upload folder or a user-specific data directory) and prevent access to arbitrary system paths. Validate and sanitize all `filePath` inputs to ensure they do not contain path traversal sequences (e.g., `../`). Consider implementing a whitelist for allowed file extensions or content types. For import functions, ensure the path is within an expected and secure user data directory.	LLM	SKILL.md:47

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/53aaba0e7ab9d012.svg)](https://skillshield.io/report/53aaba0e7ab9d012)