observe-whatsapp
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Authentication is handled via the
KAPSO_API_KEYenvironment variable. The key is transmitted securely in theX-API-Keyheader during requests to the user-configuredKAPSO_API_BASE_URL. - [SAFE]: The skill performs diagnostic read operations against the Kapso Platform API. All scripts use standard HTTP GET requests to fetch message logs, delivery statuses, and health check data without any destructive actions.
- [SAFE]: Input handling is robust. Query parameters and path segments are correctly processed using
URLSearchParamsandencodeURIComponent, preventing common injection vulnerabilities in the API interaction layer. - [SAFE]: The
openapi-explore.mjsutility fetches OpenAPI specifications from the vendor's official documentation site (docs.kapso.ai). This is a legitimate operational function to provide the agent with API schema information. - [SAFE]: All included Node.js dependencies and script logic are transparent and focused on the stated purpose of WhatsApp observability.
Audit Metadata