Security Audit
observe-whatsapp
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
observe-whatsapp received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential for Command Injection via script arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential for Command Injection via script arguments. The skill's documentation (`SKILL.md`) instructs the execution of `node` scripts with arguments that are placeholders for user-provided input (e.g., `--phone-number-id <id>`, `--message-id <id>`, `--phone-number <e164>`). If the values replacing these placeholders are derived from untrusted user input and are not properly sanitized or validated by the underlying `node` scripts, it could lead to command injection, allowing arbitrary shell commands to be executed on the host system. Ensure all arguments passed to `node` scripts are strictly validated and sanitized to prevent injection of malicious shell commands or arguments. Implement robust input validation within the `node` scripts themselves. The LLM should also be instructed to sanitize or validate any user-provided input before constructing these commands. | LLM | SKILL.md:24 |