Delivery Queue
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill mostly queues messages locally, but it explicitly promotes human-like outreach to avoid WhatsApp spam detection and describes unattended background sending without clear implementation or controls.
Review carefully before installing. Do not use this skill for unsolicited outreach or to evade platform spam controls. If you use it for legitimate scheduling, require explicit approval for each campaign, verify whether it actually sends messages or only marks them sent, and remember that queued recipients and message text are stored locally under .openclaw.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using this skill could lead the agent to help send outreach in ways that violate platform rules, spam recipients, or put the user's messaging accounts and reputation at risk.
The skill explicitly frames timed delivery as a way to evade a platform anti-spam control, which is a risky use of messaging automation rather than ordinary scheduling.
- Avoid WhatsApp spam detection by pacing outbound messages
Remove anti-spam-evasion positioning, require explicit user approval and recipient consent for campaigns, and document safe rate limits and compliance boundaries.
Messages could be expected to go out later without the user actively reviewing each send, and users cannot tell from the artifacts how to monitor or stop that behavior.
The skill describes autonomous background activity and retries, but the artifact set does not provide a clear worker implementation, lifecycle controls, approval checkpoints, or stop mechanism.
4. Background worker sends at scheduled times 5. Failed deliveries retry up to 3 times
Provide reviewed worker code and explicit controls for start, stop, retry limits, approvals, logs, and cancellation, or state clearly that no background sending is implemented.
A user may believe messages were delivered when the included script only updated local status, causing missed communications or false campaign records.
The flush implementation marks queued items as sent locally; the provided source does not show an actual WhatsApp, Telegram, or email send operation despite the skill advertising delivery and 'Send all pending messages immediately'.
d['status'] = 'sent'; d['sent_at'] = now
Either implement and clearly declare the real provider send path with delivery/error reporting, or rename this behavior to 'mark sent' and avoid claiming actual delivery.
Contact details and message text may remain on disk until cancelled, sent, or cleaned, which matters if the messages contain private or business-sensitive information.
Scheduled recipients and message contents are persisted as local JSON files under the OpenClaw home directory.
QUEUE_DIR="${OPENCLAW_HOME:-$HOME/.openclaw}/delivery-queue" ... "recipient": $RECIPIENT_JSON,
"message": $MESSAGE_JSONDocument retention clearly, protect the queue directory, and give users simple controls to inspect, cancel, and delete queued messages.
The skill may fail or behave differently across systems because its runtime requirements are not declared.
The script depends on local binaries such as bash, python3, sha256sum, date, and realpath, while the metadata declares no required binaries and there is no install spec.
#!/bin/bash ... python3 -c ... ID=$(date +%s%N | sha256sum | head -c 12) ... realpath "$TARGET"
Declare required binaries and supported operating systems, or replace shell dependencies with a clearly packaged and tested runtime.