lharries/whatsapp-mcp

AI review

The extension has a legitimate purpose but includes a remote code execution vector via curl-piped-to-sh installation of UV, and uses subprocess.run for audio conversion which could be exploited if arguments are not sanitized. The developer should pin UV installation to a specific version and validate all subprocess arguments.

• medium Unpiped remote installation of UV — README.md line 24 instructs users to run `curl -LsSf https://astral.sh/uv/install.sh | sh`, which downloads and executes a script from the internet without version pinning or checksum verification. This could be exploited if the astral.sh domain is compromised, leading to arbitrary code execution on the user's machine.
• medium Subprocess execution for audio conversion — In whatsapp-mcp-server/audio.py line 52, `subprocess.run()` is called. If the command or its arguments are constructed from user-controlled input (e.g., file names or paths), this could allow command injection. The code should be reviewed to ensure all arguments are properly sanitized or use safe APIs.
• low Network requests to external URLs — In whatsapp-mcp-server/whatsapp.py line 637, `requests.post(url, json=payload)` is used. If the URL is dynamically constructed from user input or untrusted sources, it could be exploited for SSRF or data exfiltration. The URL should be validated against an allowlist.

Model: deepseek-chat

Static findings