Security scan
OpenClaw
Suspicious
high confidence
Assessment recommendation
Do not install or enable this skill until the developer clarifies and fixes the inconsistencies. Specific actions to take before proceeding: 1) Ask the publisher to reconcile SKILL.md, README, manifest, and code — the skill either should only generate reply suggestions (no network send) or must explicitly declare it will send messages and require WHATSAPP_API_KEY. 2) Verify the external endpoint (https://api.whatsapp-service/send): who operates it, is it trustworthy, and is TLS/certificate prope...
⚠ Purpose and capabilities
SKILL.md and the public description say the skill only generates reply suggestions and 'does NOT access WhatsApp directly', but README.md, manifest.json, and skill.py implement an autonomous send workflow that accepts phone_number and posts to an external API. The declared registry requirements list no env vars/credentials, which contradicts the code that reads WHATSAPP_API_KEY.
⚠ Instruction scope
Runtime instructions in SKILL.md do not mention calling any external API, requiring phone numbers, or needing an API key. The actual code sends the provided message and phone number to https://api.whatsapp-service/send, which is outside the stated scope and is not disclosed in the SKILL.md.
ℹ Installation mechanism
No install spec is provided (instruction-only), but a requirements.txt lists 'requests' and 'python-dotenv' and skill.py performs network requests. Lack of an install spec means dependencies may be unmet or silently installed by the platform; the code contacts an external, non-obvious domain (api.whatsapp-service) rather than a well-known provider.
⚠ Credential requirements
manifest/registry claim no required env variables, yet skill.py reads WHATSAPP_API_KEY from the environment. That credential would allow the skill to send messages on behalf of an account — a high-privilege secret that should have been declared and justified.
ℹ Persistence and permissions
The manifest's always flag is false and nothing requests persistent system modifications. However, the skill can be invoked autonomously (platform default); combined with the undisclosed API key requirement and network send behavior, autonomous invocation increases risk if the key is supplied.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest: v0.1.0 (2026/3/14)
● Suspicious
Install command
Official: npx clawhub@latest install whatsapp-auto-reply
Mirror (accelerated): npx clawhub@latest install whatsapp-auto-reply --registry https://cn.longxiaskill.com