by 安全扫描
OpenClaw
安全
high confidence该技能提供WACLI操作功能,代码和指令与其声明目的一致。
评估建议
此技能用于通过命令行接口操作相关服务。...详细分析 ▾
✓ 用途与能力
Name/description, required binary, and install methods (brew formula steipete/tap/wacli and Go module github.com/steipete/wacli) align with a CLI-based WhatsApp tool. There are no unrelated env vars, credentials, or config paths requested.
ℹ 指令范围
SKILL.md only instructs the agent to run wacli commands (auth, sync, search, send, backfill) and to require explicit recipient+message confirmations. This stays within the stated purpose. Note: using those commands implies access to WhatsApp messages and writes to the tool's store directory (~/.wacli), so the agent (or the wacli binary) will be able to read/write message history and auth tokens as part of normal operation.
✓ 安装机制
Installers are standard: a Homebrew formula and a Go module (both point to the project's name/author). No direct downloads from arbitrary URLs or extracted archives are referenced in the skill metadata. Verify the brew tap and Go module author before installing, but the install mechanism itself is proportionate.
✓ 凭证需求
The skill declares no environment variables or external credentials, which is consistent with a local CLI-focused tool. There are no requests for unrelated secrets or system-wide config.
ℹ 持久化与权限
always is false and the skill does not request system-wide privileges. The wacli binary will create/use a local store (default ~/.wacli) to hold auth/session data — this is expected but worth noting because it stores sensitive tokens and message history on disk.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/2/25
Priority upload batch
● 无害
安装命令 点击复制
官方npx clawhub@latest install mh-wacli
镜像加速npx clawhub@latest install mh-wacli --registry https://cn.clawhub-mirror.com
技能文档
Use wacli only when the user explicitly asks you to message someone else on WhatsApp or when they ask to sync/search WhatsApp history.
Do NOT use wacli for normal user chats; OpenClaw routes WhatsApp conversations automatically.
If the user is chatting with you on WhatsApp, you should not reach for this tool unless they ask you to contact a third party.
Safety
- Require explicit recipient + message text.
- Confirm recipient + message before sending.
- If anything is ambiguous, ask a clarifying question.
Auth + sync
wacli auth(QR login + initial sync)wacli sync --follow(continuous sync)wacli doctor
Find chats + messages
wacli chats list --limit 20 --query "name or number"wacli messages search "query" --limit 20 --chatwacli messages search "invoice" --after 2025-01-01 --before 2025-12-31
History backfill
wacli history backfill --chat--requests 2 --count 50
Send
- Text:
wacli send text --to "+14155551212" --message "Hello! Are you free at 3pm?" - Group:
wacli send text --to "1234567890-123456789@g.us" --message "Running 5 min late." - File:
wacli send file --to "+14155551212" --file /path/agenda.pdf --caption "Agenda"
Notes
- Store dir:
~/.wacli(override with--store). - Use
--jsonfor machine-readable output when parsing. - Backfill requires your phone online; results are best-effort.
- WhatsApp CLI is not needed for routine user chats; it’s for messaging other people.
- JIDs: direct chats look like
@s.whatsapp.net @g.us wacli chats listto find).
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制