add-whatsapp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to read ephemeral authentication secrets (e.g., polling and cat'ing store/pairing-code.txt and displaying the pairing code) and to print values extracted from creds.json, which requires outputting secret/authentication data verbatim.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). This is an untrusted GitHub repository from an unknown user that would be merged into and executed by your project (including auth scripts and runtime deps), which makes it potentially dangerous for credential theft or arbitrary code execution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly syncs and ingests user-generated WhatsApp data (e.g., "npx tsx setup/index.ts --step groups" in Phase 4 to fetch group names and the runtime registration/test steps that cause the assistant to read and respond to incoming WhatsApp messages/registered chats), so untrusted third‑party messages could be interpreted and materially influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill runs git commands to fetch and merge the remote repository https://github.com/qwibitai/nanoclaw-whatsapp.git at runtime, pulling source files (channel and auth scripts) that are merged into the codebase and built/executed, so remote code is fetched and executed as a required dependency.