Downloads: 2775 | Stars: 0 | Active Installs: 18 | Versions: 1
Install in OpenClaw
/install openclaw-whatsapp
Description
WhatsApp bridge for OpenClaw — send/receive messages, auto-reply agents, QR pairing, message search, contact sync
Usage Guidance
Before installing, inspect the remote install.sh on GitHub (do not run curl | bash blindly). Verify what that installer writes (binaries, systemd unit, network endpoints) and whether the binary is signed or from a trustworthy source. Note the included scripts will copy files to /usr/local/bin and enable a user systemd service — that requires elevated privileges and creates persistent processes.
The relay scripts pass WhatsApp message contents (including recent history) into your local openclaw agent via a generated prompt; if your agent is allowed to perform actions (or has network access), those message contents could be used to trigger external actions. Check and limit the system_prompt, allowlist/blocklist, and any webhooks you configure.
If you want to reduce risk:
(1) run the installer in a sandbox or review/replicate its steps manually,
(2) install binaries to a user-owned directory instead of /usr/local/bin,
(3) run the bridge under an unprivileged user account and inspect logs,
(4) set OC_WA_* env vars explicitly and limit system_prompt capabilities, and
(5) confirm the GitHub repo and author (0xs4m1337) are trustworthy or host your own vetted build.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-whatsapp
Version: 0.3.0
The skill bundle contains a critical shell injection vulnerability in `scripts/wa-notify-worker.sh`. The `$jid` variable, derived from user-controlled WhatsApp messages, is directly embedded into a `curl` command's URL without proper sanitization, allowing an attacker to execute arbitrary shell commands on the host system. Additionally, the `SKILL.md` instructs users to install the main binary via `curl | bash` from a remote GitHub URL, posing a supply chain risk. The skill also presents a prompt injection surface against the OpenClaw agent, as user-controlled message content is incorporated into the prompt.
Capability Assessment
Purpose & Capability
Name/description describe a local WhatsApp bridge and the files/instructions correspond: a Go binary (openclaw-whatsapp) + two shell relay scripts that enqueue messages and call the local openclaw agent CLI. Requiring the openclaw CLI and a local bridge is coherent with the described functionality.
Instruction Scope
SKILL.md instructs writing scripts into /usr/local/bin, creating a systemd user service, and running a remote install script via curl | bash. The included scripts access local APIs (http://localhost:8555) and pass message history into the openclaw agent (expected), but they also reference environment variables (OC_WA_OPENCLAW_PATH, OC_WA_AGENT_DATA_DIR, OC_WA_SYSTEM_PROMPT, OC_WA_WORKER_PATH) that are not declared in the skill metadata. The system_prompt examples show instructing the agent to call other actions (e.g., Google Calendar, Telegram), which could trigger broad side effects depending on your agent configuration — the SKILL.md grants the agent significant discretionary capability via configured prompts.
Install Mechanism
There is no formal install spec in registry metadata; instead SKILL.md tells users to run: curl -fsSL https://raw.githubusercontent.com/0xs4m1337/openclaw-whatsapp/main/install.sh | bash. Downloading and piping a remote script to bash is high-risk even when hosted on GitHub raw (the source is traceable but the installer is arbitrary and executed with the user's privileges). The rest of installation requires copying scripts to /usr/local/bin (sudo) and enabling a systemd service.
Credentials
Declared requirements list no env vars or credentials, but the scripts use several environment variables (OC_WA_OPENCLAW_PATH, OC_WA_AGENT_DATA_DIR, OC_WA_SYSTEM_PROMPT, OC_WA_WORKER_PATH) and expect file-system write access under /usr/local/bin, ~/.openclaw-whatsapp, and ~/.config/systemd/user. No network credentials or external API keys are requested by the skill itself, but the agent/system_prompt can direct the agent to call other integrations, which may require separate credentials not managed by this skill.
Persistence & Privilege
The skill's recommended installation results in persistent components: a systemd user service and executables under /usr/local/bin, plus persisted queue/log files under $HOME or /tmp. `always` is false (normal). This persistence is expected for a bridge, but combined with the remote installer and sudo file writes it increases the risk surface; review the installer and service contents before enabling.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install openclaw-whatsapp
- After installation, invoke the skill by name or use /openclaw-whatsapp
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.0
Queue-based auto-reply architecture, portable scripts
Frequently Asked Questions
What is OpenClaw WhatsApp?
WhatsApp bridge for OpenClaw — send/receive messages, auto-reply agents, QR pairing, message search, contact sync. It is an AI Agent Skill for Claude Code / OpenClaw, with 2775 downloads so far.
How do I install OpenClaw WhatsApp?
Run "/install openclaw-whatsapp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenClaw WhatsApp free?
Yes, OpenClaw WhatsApp is completely free (open-source). You can download, install and use it at no cost.
Which platforms does OpenClaw WhatsApp support?
OpenClaw WhatsApp is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created OpenClaw WhatsApp?
It is built and maintained by sam1337 (@0xs4m1337); the current version is v0.3.0.