add-whatsapp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to read and display ephemeral pairing codes (store/pairing-code.txt) and to accept and embed the user's phone number into commands, which requires outputting secret/credential values verbatim.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.75). This is a third‑party GitHub repository from an unfamiliar user being added and merged directly into your codebase (followed by npm install/build), which is a supply‑chain risk — while not a direct executable download, it could introduce malicious code or dependencies if the repo is untrusted or malicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill integrates with WhatsApp and explicitly fetches group names and ingests/responds to user messages from WhatsApp as part of its required workflow (see "Phase 4: Registration" group sync and "Phase 5: Verify" test/send message steps and "Group names not showing" which runs group metadata sync), meaning untrusted, user-generated third‑party content can be read and influence the assistant's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill adds and fetches code from the remote git repo https://github.com/qwibitai/nanoclaw-whatsapp.git during installation (git fetch/merge) and then builds/runs that code (npm install, build, tests, and npx/tsx steps), so the external repository directly supplies code that will execute and control the agent's behavior.