← Back to Skills Marketplace
WhatsApp Group Admin
by
Marcos Santos
· GitHub ↗
· v1.0.0
646
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install whatsapp-group-admin
Description
Group administration utilities - info, stats, invite link parsing, and creation templates
Usage Guidance
This skill appears to do what it says (count group members, parse invite links, create templates) but it reads local OpenClaw/WhatsApp state files (sender-key-* files and contacts.json) which may include sensitive contact or group metadata. Before installing: (1) confirm you are comfortable granting the skill read access to ~/.openclaw/credentials/whatsapp/default (or set OPENCLAW_STATE_DIR to a safe path); (2) note the skill assumes node is available — the package metadata does not declare this requirement; (3) inspect the included scripts/admin.js yourself (it is short and readable) or run it in a sandbox to verify behavior; (4) if you do not want any skill to access local WhatsApp state, do not install or disable autonomous invocation for this skill; (5) ask the author/registry to update metadata to list required binary 'node' and to declare the config path(s) it reads so users can make an informed decision.
Capability Analysis
Type: OpenClaw Skill
Name: whatsapp-group-admin
Version: 1.0.0
The skill is classified as suspicious due to two main factors: 1) The `SKILL.md` instructs the agent to execute a Node.js script (`scripts/admin.js`) with user-provided arguments directly, which is a common pattern that can lead to shell injection vulnerabilities if the script does not adequately sanitize input. 2) The `scripts/admin.js` file accesses sensitive local files within the OpenClaw agent's credential directory (`OPENCLAW_STATE_DIR/credentials/whatsapp/default`), specifically `contacts.json` and `sender-key-*` files, to extract WhatsApp group and member information. While this file access is plausibly needed for the skill's stated purpose of WhatsApp group administration, it involves handling sensitive data locally, increasing the risk profile.
Capability Assessment
Purpose & Capability
The code implements WhatsApp group info, stats, invite parsing and templates which matches the skill's description. However, the code requires access to local OpenClaw/WhatsApp state (credentials directory) to enumerate groups/members—this is reasonable for the stated purpose but the skill metadata does not declare that requirement.
Instruction Scope
SKILL.md instructs running node <skill_dir>/scripts/admin.js but does not mention that the script will read the user's OpenClaw WhatsApp credentials/state directory (defaults to $HOME/.openclaw/credentials/whatsapp/default or OPENCLAW_STATE_DIR). The script reads sender-key files and contacts.json, which may contain sensitive contact/group metadata. The instructions fail to warn the user about local file access.
Install Mechanism
There is no install spec (instruction-only), which minimizes install-time risk. However the skill includes a JS script that is intended to be run with 'node' — despite registry metadata declaring no required binaries. The absence of 'node' from required binaries is an inconsistency that should be corrected.
Credentials
The registry lists no required env vars or config paths, but the code reads OPENCLAW_STATE_DIR (if set) and falls back to ~/.openclaw/credentials/whatsapp/default. That path effectively gives the skill access to local WhatsApp credential/state files. The skill requests no external API keys, which is appropriate, but the undeclared local credential access is sensitive and should be explicitly declared.
Persistence & Privilege
always is false and the skill does not request persistent installation or modify other skills or system-wide settings. The skill can be invoked autonomously by the agent (platform default); combined with its local credential access this increases the potential blast radius, but autonomy alone is not a disqualifier.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install whatsapp-group-admin - After installation, invoke the skill by name or use
/whatsapp-group-admin - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release. Administrative utilities for WhatsApp groups. Get group info with member stats, list all groups with participant counts, create group configuration templates, and parse invite links. All from Baileys cache.
Metadata
Frequently Asked Questions
What is WhatsApp Group Admin?
Group administration utilities - info, stats, invite link parsing, and creation templates. It is an AI Agent Skill for Claude Code / OpenClaw, with 646 downloads so far.
How do I install WhatsApp Group Admin?
Run "/install whatsapp-group-admin" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is WhatsApp Group Admin free?
Yes, WhatsApp Group Admin is completely free (open-source). You can download, install and use it at no cost.
Which platforms does WhatsApp Group Admin support?
WhatsApp Group Admin is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created WhatsApp Group Admin?
It is built and maintained by Marcos Santos (@marcosrippel); the current version is v1.0.0.
More Skills