add-whatsapp
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches WhatsApp channel source code from the author's GitHub repository at github.com/qwibitai/nanoclaw-whatsapp.git using git fetch and merge operations.
- [REMOTE_CODE_EXECUTION]: Merges and executes code from the external repository using npx tsx and npm install. This includes running setup scripts for WhatsApp authentication and registration.
- [COMMAND_EXECUTION]: Executes system commands to manage services (launchctl, systemctl), terminate processes (pkill), and interact with the local database (sqlite3) for registration and troubleshooting.
- [DATA_EXFILTRATION]: Accesses and processes local sensitive files including WhatsApp authentication credentials (store/auth/creds.json) and environment configurations (.env). These operations are restricted to the local environment and are essential for the channel's functionality.
Audit Metadata