← 返回 Skills 市场
414
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install whatsapp-cloud-api-reference
功能描述
Use when implementing WhatsApp messaging via Meta Cloud API, or diagnosing failures like message not delivered, template rejected, webhook issues, phone not...
安全使用建议
This appears to be a legitimate WhatsApp Cloud API reference, but the registry metadata is missing required environment variables that the examples clearly use. Before installing or enabling this skill:
- Treat the examples as requiring secrets: WA_ACCESS_TOKEN (access token), WA_PHONE_NUMBER_ID (phone number id), and VERIFY_TOKEN (webhook verification token). Ask the author to declare these explicitly in requires.env/primaryEnv.
- Do not paste real access tokens into public or shared prompts. Store tokens in a secure environment and use least privilege (narrow scopes, rotate tokens).
- Verify the SKILL.md claim about a "permanent" System User token — prefer short-lived tokens or token rotation when possible.
- Inspect the rest of the SKILL.md (it was truncated in your copy) to confirm there are no instructions to forward payloads to non-Meta endpoints or to exfiltrate message contents.
- Because this is instruction-only, it won't install software, but the skill assumes your runtime will provide the environment variables and networking needed to call Meta APIs and serve a public HTTPS webhook. Ensure your hosting, TLS, and webhook handling meet Meta's security recommendations.
If you want, provide the full (untruncated) SKILL.md or ask the skill author to update the metadata to list the required env vars — that would raise this assessment to benign if no other issues appear.
功能分析
Type: OpenClaw Skill
Name: whatsapp-cloud-api-reference
Version: 1.0.0
The skill bundle provides comprehensive documentation and code examples for interacting with the Meta WhatsApp Cloud API. All API calls are directed to legitimate Meta endpoints (graph.facebook.com). The code snippets demonstrate standard practices for API integration, including accessing environment variables for API tokens and handling webhooks. The debugging scripts are designed to help users diagnose their own API setup, not to exfiltrate data to unauthorized parties. There is no evidence of prompt injection attempts against the AI agent, nor any malicious code designed for data exfiltration, persistence, or unauthorized remote control.
能力评估
Purpose & Capability
The name/description match the SKILL.md content (examples for sending messages, templates, media, and webhooks). However the registry metadata says 'Required env vars: none' and 'Primary credential: none' even though the examples rely on secrets/IDs (e.g., WA_ACCESS_TOKEN, WA_PHONE_NUMBER_ID, VERIFY_TOKEN). That omission is incoherent and downplays the need for sensitive credentials.
Instruction Scope
The instructions and code samples stay inside the stated purpose (sending messages, templates, media, webhook handling, constraints). There is no obvious instruction to read arbitrary system files or to transmit data to endpoints outside Meta's graph.facebook.com or user-specified media hosts. Note: the SKILL.md references environment variables and webhook setup that are needed at runtime but were not declared in metadata.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest install risk. The samples suggest installing common libs (axios, requests) but the skill does not itself install packages or download remote code.
Credentials
The SKILL.md expects sensitive values in environment variables (WA_ACCESS_TOKEN, WA_PHONE_NUMBER_ID, VERIFY_TOKEN and potentially a System User token), yet the skill declares none. Requiring these credentials would be proportional to the purpose, but failing to declare them is a red flag: users won't be warned that secrets are needed, and an automated system may not protect them appropriately.
Persistence & Privilege
The skill is not always-included and does not request persistent privileges. There is no evidence it attempts to modify other skills or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install whatsapp-cloud-api-reference - 安装完成后,直接呼叫该 Skill 的名称或使用
/whatsapp-cloud-api-reference触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release featuring WhatsApp Cloud API integration guide:
- Detailed setup checklist for Meta WhatsApp Cloud API and WhatsApp Business Account.
- Code samples for sending messages (Node.js, Python, curl) and templates for various message types (text, template, image, document, audio, video).
- Common troubleshooting info: message status tracking, delivery errors, token handling, template rejection, rate limits, webhook setup, and quality rating issues.
- Webhook handler example (Express.js) for correct async processing and callback verification.
- Clear documentation of conversation rules and 24-hour reply windows.
元数据
常见问题
WhatsApp cloud api reference 是什么?
Use when implementing WhatsApp messaging via Meta Cloud API, or diagnosing failures like message not delivered, template rejected, webhook issues, phone not... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 414 次。
如何安装 WhatsApp cloud api reference?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install whatsapp-cloud-api-reference」即可一键安装,无需额外配置。
WhatsApp cloud api reference 是免费的吗?
是的,WhatsApp cloud api reference 完全免费(开源免费),可自由下载、安装和使用。
WhatsApp cloud api reference 支持哪些平台?
WhatsApp cloud api reference 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 WhatsApp cloud api reference?
由 Roman(@romanbaz)开发并维护,当前版本 v1.0.0。
推荐 Skills