ClawHub

WhatsApp Outreach Platform — AI Leads, Bulk Messaging, Reviews & CRM Pipeline

v2.16.4

Automate WhatsApp at scale — mine leads from groups with AI, broadcast to channel followers, bulk message with ban-safe delays, schedule campaigns, auto-repl...

5· 2.9k·3 current·3 all-time
byWaiflow@alex-tradequo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (WhatsApp outreach, lead mining, bulk messaging, AI features) align with the documented REST endpoints and examples. The sole required secret (MOLTFLOW_API_KEY) is appropriate and declared as the primary credential. There are no unrelated binaries, config paths, or unrelated credentials requested.
Instruction Scope
Runtime instructions are entirely API-focused (curl examples, MCP integration instructions, endpoints for sessions/groups/messages/AI features). They do instruct the agent (and user) to send WhatsApp messages, ingest documents, transcribe voice notes, and read group messages via the MoltFlow API — which is consistent with the stated purpose. Note: some example text references 'your LLM API key' for certain Pro features; the skill does not require or declare an LLM env var and earlier files state LLM keys are managed via the MoltFlow dashboard. Also be aware that using the skill necessarily sends WhatsApp/group content and uploaded documents to MoltFlow's servers.
Install Mechanism
This is an instruction-only package with no install spec and no code files to execute locally. That minimizes on-disk risk; all actions are documented HTTP calls to the service's API (apiv2.waiflow.app).
Credentials
Only one environment variable is required (MOLTFLOW_API_KEY) and it is justified by the skill's API usage. No other credentials, system secrets, or config paths are requested. The documentation repeatedly recommends scoped API keys and least-privilege scopes.
Persistence & Privilege
Model invocation is disabled (disable-model-invocation: true), preventing autonomous skill invocation; always is false. The skill does not request permanent presence or system modifications. It documents server-side features (webhooks, SSE) but does not install local background services.
Assessment
This package is documentation for a third-party WhatsApp automation API and appears internally consistent. Before installing/using: 1) Only provide a scoped MOLTFLOW_API_KEY with the minimum scopes needed (messages, groups, etc.), not a full-privilege key. 2) Understand that group messages, uploads (PDFs), voice notes, and contact data will be sent to MoltFlow's servers — confirm GDPR/consent and your privacy/compliance needs. 3) Prefer OAuth where supported (MCP integrations) instead of pasting raw API keys. 4) Note the 'disable-model-invocation: true' setting prevents autonomous agent actions, but you should still audit any actions you instruct the skill to perform (bulk sends, webhooks) to avoid accidental mass messaging. 5) If you need stronger assurance, review MoltFlow's public docs, privacy policy, and API key scope controls on their dashboard before providing credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c199dmtmhqfxc69g9dhm47s826wj7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📱 Clawdis
EnvMOLTFLOW_API_KEY
Primary envMOLTFLOW_API_KEY

Comments