← 返回 Skills 市场
WhatsApp Validate
作者
Marcos Santos
· GitHub ↗
· v1.0.0
551
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install whatsapp-validate
功能描述
Check if phone numbers exist in the local Baileys session cache
安全使用建议
This skill reads your local OpenClaw WhatsApp credential directory (~/.openclaw/credentials/whatsapp/default or the directory set by OPENCLAW_STATE_DIR) and parses session/device files and contacts.json to determine which phone numbers are known. It does not perform network calls in the included code, but the registry/manifest/SKILL.md do not declare the config path or the fact it requires Node. Before installing:
- If you plan to use it, verify you have Node and consider running the script manually in a safe environment first (e.g., a throwaway account or VM) to confirm behavior.
- If you use the skill with a real WhatsApp account, be aware it reads your session/contacts data — only install if you trust the skill owner and accept local exposure of that data.
- Ask the author to update the manifest/SKILL.md to declare required binaries (node) and the exact config path(s) this skill reads (or allow overriding with OPENCLAW_STATE_DIR), and to document privacy considerations.
- If you are uncomfortable, do not install or run it against a production account; run it in an isolated environment or inspect/modify the script to limit file reads to a safe test directory.
功能分析
Type: OpenClaw Skill
Name: whatsapp-validate
Version: 1.0.0
The skill's purpose is to validate phone numbers against a local WhatsApp (Baileys) session cache. The `scripts/validate.js` file accesses the `OPENCLAW_STATE_DIR/credentials/whatsapp/default` directory, which is a sensitive location, but this access is directly aligned with the skill's stated purpose of querying Baileys session data. The script specifically extracts phone numbers from session filenames and a `contacts.json` file, not attempting to exfiltrate actual credential tokens or other unrelated sensitive data. Furthermore, the script includes robust input sanitization (`replace(/\D/g, '')`) for phone numbers, mitigating potential command injection vulnerabilities within the Node.js script itself. The `SKILL.md` provides standard usage instructions without any malicious prompt injection attempts.
能力评估
Purpose & Capability
The script's purpose (checking the local Baileys/WhatsApp cache) matches the skill name/description, but the skill manifest declares no required config paths or binaries while the code reads files from the user's OpenClaw credentials directory (~/.openclaw/... or OPENCLAW_STATE_DIR). Not declaring access to credential storage is a notable mismatch.
Instruction Scope
SKILL.md instructs the agent to exec a Node script but does not disclose that the script will read the user's WhatsApp credential directory and contacts.json. The runtime code enumerates session- and device-list files and reads contacts.json — it accesses local sensitive state (WhatsApp session/contacts) even though the instructions do not explicitly call this out.
Install Mechanism
There is no install spec (instruction-only) which is low risk, but the skill includes a JS script that requires node at runtime. The manifest did not list 'node' as a required binary. This omission is an inconsistency the user should be aware of (you must have Node available to run it).
Credentials
The code reads from a credential path derived from OPENCLAW_STATE_DIR or the default ~/.openclaw path and loads contacts/session files. The skill declares no required env vars or config paths in the registry metadata. Access to local credential files is sensitive and should have been declared; the requested access is proportionate to the described function but is not advertised in the manifest.
Persistence & Privilege
The skill is not always-included, does not request elevated/persistent privileges, does not modify other skills or system configuration, and contains no autonomous persistence behavior in the code.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install whatsapp-validate - 安装完成后,直接呼叫该 Skill 的名称或使用
/whatsapp-validate触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release. Validates phone numbers against the local Baileys session cache. Supports single number checks, batch validation of multiple numbers, and listing all known WhatsApp numbers. No live API calls needed.
元数据
常见问题
WhatsApp Validate 是什么?
Check if phone numbers exist in the local Baileys session cache. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 551 次。
如何安装 WhatsApp Validate?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install whatsapp-validate」即可一键安装,无需额外配置。
WhatsApp Validate 是免费的吗?
是的,WhatsApp Validate 完全免费(开源免费),可自由下载、安装和使用。
WhatsApp Validate 支持哪些平台?
WhatsApp Validate 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 WhatsApp Validate?
由 Marcos Santos(@marcosrippel)开发并维护,当前版本 v1.0.0。
推荐 Skills