← Back to Skills Marketplace

WhatsApp Utils

Name: WhatsApp Utils
Author: marcosrippel

by Marcos Santos · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

949

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install whatsapp-utils

Description

Phone number formatting, cache inspection, contact export, and message ID generation

Usage Guidance

This skill appears to do what it claims, but note three practical issues before installing: (1) SKILL.md runs a local Node script — you must have the `node` binary available even though the registry metadata lists no required binaries; (2) the script reads your OpenClaw WhatsApp state directory (default ~/.openclaw/credentials/whatsapp/default or overridden by OPENCLAW_STATE_DIR) and will parse contacts.json and other cache files — those contain personal data you may not want exported; (3) the metadata does not disclose use of OPENCLAW_STATE_DIR. The skill does not make network calls, but it will print local contact data and cache statistics to stdout. If you plan to use it, inspect scripts/utils.js yourself, ensure you trust the author, consider running it in a controlled environment (or on a copy of your WhatsApp state), and verify Node is present. If you need stronger assurances, ask the author to: declare the node binary and OPENCLAW_STATE_DIR in metadata, and explicitly document which local files are read and what data is printed.

Capability Analysis

Type: OpenClaw Skill Name: whatsapp-utils Version: 1.0.0 The skill is classified as suspicious due to its direct access and output of potentially sensitive data from the OpenClaw state directory. Specifically, `scripts/utils.js` reads the content of `contacts.json` and lists files (including credential-related ones like `creds.json`, `session-`, `sender-key-`) from the `OPENCLAW_STATE_DIR/credentials/whatsapp/default` path. While the `SKILL.md` description mentions 'cache inspection' and 'contact export', these capabilities, even if intended, represent a significant information disclosure risk if the agent is compromised or misused, as the data is outputted to `console.log`.

Capability Assessment

⚠ Purpose & Capability

The script's behavior (reading an OpenClaw WhatsApp credentials/cache directory and exporting contacts) matches the skill description. However the package metadata declares no required binaries or env vars while the runtime expects the `node` binary and optionally uses OPENCLAW_STATE_DIR. The implicit dependency on Node and the implicit use of an OpenClaw state path are mismatches between declared requirements and actual capabilities.

⚠ Instruction Scope

SKILL.md instructs the agent to exec a local Node script which (for cache-info and export-contacts) reads files under the OpenClaw credentials path (defaulting to ~/.openclaw/credentials/whatsapp/default or OPENCLAW_STATE_DIR). The README does not explicitly disclose that it will read that directory or that contacts.json will be parsed and printed. While the reads are coherent with the stated purpose, the instructions omit privacy/security disclosures about accessing local WhatsApp state and personal contacts.

✓ Install Mechanism

There is no install spec (instruction-only with an included scripts/utils.js). This is low-risk from an install perspective because nothing external is downloaded or written during install. The runtime does require Node to execute the script, which is not declared.

ℹ Credentials

The skill declares no required environment variables, but the code reads process.env.OPENCLAW_STATE_DIR if present and otherwise uses a default path in the user's home directory. That ENV usage is reasonable for locating OpenClaw state, but it is not declared in metadata. Also the skill will read local credential/cache files (contacts.json and other files) — which is proportional to cache inspection/export features but involves sensitive personal data.

✓ Persistence & Privilege

The skill does not request persistent presence, does not modify other skills or system settings, and does not require elevated privileges. always is false and autonomous invocation is allowed (platform default).

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install whatsapp-utils
After installation, invoke the skill by name or use /whatsapp-utils
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release. Swiss-army knife utilities for WhatsApp automation. Format and clean phone numbers, inspect Baileys cache info, export contacts to JSON/CSV, and generate WhatsApp-compatible message IDs.

Metadata

Slug whatsapp-utils

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is WhatsApp Utils?

Phone number formatting, cache inspection, contact export, and message ID generation. It is an AI Agent Skill for Claude Code / OpenClaw, with 949 downloads so far.

How do I install WhatsApp Utils?

Run "/install whatsapp-utils" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is WhatsApp Utils free?

Yes, WhatsApp Utils is completely free (open-source). You can download, install and use it at no cost.

Which platforms does WhatsApp Utils support?

WhatsApp Utils is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created WhatsApp Utils?

It is built and maintained by Marcos Santos (@marcosrippel); the current version is v1.0.0.

More Skills