← 返回 Skills 市场
kareemadelawwad

Evolution WhatsApp

作者 Kareem Adel · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
467
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install evolution-whatsapp
功能描述
Manage WhatsApp via Evolution API: send messages, media, contacts, polls, manage groups, fetch chats, and summarize conversations.
使用说明 (SKILL.md)

Evolution WhatsApp Skill

Control WhatsApp via Evolution API v2.

Configuration

Before using, configure your credentials:

export EVO_BASE_URL="https://your-evo-instance.com"
export EVO_INSTANCE_TOKEN="your-instance-token"
export EVO_INSTANCE_NAME="YourInstanceName"

Getting Credentials

  1. Deploy Evolution API — Use Evolution API or their hosted service
  2. Create an instance — Get your instance name and token
  3. Set environment variables — Add to your shell or OpenClaw config

Capabilities

  • Send text messages
  • Send media (images, videos, documents)
  • Send audio / voice notes
  • Send stickers
  • Send location
  • Send contacts
  • Send buttons / interactive messages
  • Send lists
  • Send polls
  • Create / manage groups
  • Fetch chats, messages, contacts
  • Summarize group conversations

Usage Examples

Send a message to +201234567890: Hello!
Send an image to [number]: https://example.com/image.jpg with caption "Check this out"
Get my recent chats
List my groups
Summarize group [group name]

Environment Variables

Variable Description
EVO_BASE_URL Your Evolution API base URL
EVO_INSTANCE_TOKEN Your instance API token
EVO_INSTANCE_NAME Your instance name (URL encoded if needed)

Notes

  • Ensure your Evolution API instance is running and accessible
  • The instance must be connected to WhatsApp
  • Check API documentation for rate limits and restrictions
安全使用建议
This skill's behavior otherwise matches its description, but pay attention to these issues before installing: - Confirm the three environment variables (EVO_BASE_URL, EVO_INSTANCE_TOKEN, EVO_INSTANCE_NAME) will be provided by you; the skill will exit otherwise. The registry metadata omitted these — treat that as an authoring error and verify values before use. - Ensure EVO_BASE_URL points to a trusted Evolution API instance you control or trust. The script sends your EVO_INSTANCE_TOKEN in an HTTP header to that base URL — if the endpoint is malicious or public, the token could be misused. - Remove or sanitize any .env file in the skill directory (or modify the script) if you keep other secrets there; the script auto-sources .env which may load unrelated sensitive values. - Prefer using a token with minimal scope and rotate it if you test on shared infrastructure. If you need stronger assurance, review the Evolution API server code and host it yourself rather than using an unfamiliar hosted instance. If you want help: I can (a) produce a safer variant of evo.sh that refuses to source .env, (b) draft updated SKILL.md metadata to include the required env vars, or (c) checklist how to self-host and harden the Evolution API instance.
功能分析
Type: OpenClaw Skill Name: evolution-whatsapp Version: 1.0.0 The skill is classified as suspicious due to critical shell injection vulnerabilities found in `evo.sh`. Multiple functions, such as `send_text`, `send_media`, and others, construct JSON payloads by directly embedding unsanitized user-supplied arguments into a string passed to `curl -d`. This allows for arbitrary command execution (RCE) on the host system if user input contains shell metacharacters. Additionally, the script attempts to load environment variables from a local `.env` file, which could be exploited if an attacker can control the file. While these are severe vulnerabilities, there is no clear evidence of intentional malicious behavior like data exfiltration to an attacker-controlled server or persistence mechanisms, aligning it with a 'suspicious' classification rather than 'malicious'.
能力评估
Purpose & Capability
The name, description, SKILL.md, and evo.sh are coherent: the script implements sending messages/media, fetching chats/groups, and other WhatsApp operations via the Evolution API. The environment variables and endpoints used are appropriate for that purpose. However, the registry metadata declares no required environment variables even though both SKILL.md and evo.sh require EVO_BASE_URL, EVO_INSTANCE_TOKEN, and EVO_INSTANCE_NAME — a notable inconsistency.
Instruction Scope
The instructions and the shell script stay within the stated scope (calling Evolution API endpoints via curl). One runtime behavior to note: evo.sh will source a local .env file from the script directory if present, which can load any local environment values (potentially unrelated secrets) without explicit mention in SKILL.md; otherwise the script only reads the three Evolution-related env vars.
Install Mechanism
There is no install spec or remote download; this is an instruction-only skill with an included bash script. No external packages or archives are fetched, and nothing is written to disk by an installer.
Credentials
The script legitimately needs EVO_BASE_URL, EVO_INSTANCE_TOKEN, and EVO_INSTANCE_NAME to operate. However, the registry metadata does not declare these required env vars (it lists none), which is a mismatch that could hide the need to provide credentials. Additionally, the script's automatic sourcing of a .env file may cause it to load other local variables unexpectedly — this expands its effective access to secrets beyond the three documented vars unless the user ensures .env contains only intended values.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and has no install-time persistence requirements. It runs as a normal, user-invocable/autonomously-invocable skill and does not claim elevated system privileges.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install evolution-whatsapp
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /evolution-whatsapp 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of Evolution WhatsApp Skill: - Integrates WhatsApp control via Evolution API v2. - Supports sending messages, media, audio, stickers, location, contacts, buttons, lists, and polls. - Includes group management and conversation summarization. - Allows fetching of chats, messages, contacts, and groups. - Requires configuration of API credentials via environment variables.
元数据
Slug evolution-whatsapp
版本 1.0.0
许可证
累计安装 2
当前安装数 2
历史版本数 1
常见问题

Evolution WhatsApp 是什么?

Manage WhatsApp via Evolution API: send messages, media, contacts, polls, manage groups, fetch chats, and summarize conversations. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 467 次。

如何安装 Evolution WhatsApp?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install evolution-whatsapp」即可一键安装,无需额外配置。

Evolution WhatsApp 是免费的吗?

是的,Evolution WhatsApp 完全免费(开源免费),可自由下载、安装和使用。

Evolution WhatsApp 支持哪些平台?

Evolution WhatsApp 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Evolution WhatsApp?

由 Kareem Adel(@kareemadelawwad)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论