ClawHub

SocialEpoch WhatsApp SCRM 智能助手

v1.0.4

官方原生对接 SocialEpoch WhatsApp SCRM 开放API,零代码实现全类型消息收发、发送WhatsApp消息,客户管理、用户画像,聊天记录、WebHook 回调,消息记录查询,号码在线查询,号码状态查询等操作。

1· 73·0 current·0 all-time
bySocialEpoch@liuguangchuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, README, skill.json and SKILL.md consistently describe SocialEpoch WhatsApp SCRM operations (send different message types, query records, set webhooks). The skill asks for tenantId, ApiKey and API_BASE which are exactly what a REST API integration would need.
Instruction Scope
SKILL.md contains fetch() request templates that only call {{API_BASE}} endpoints and pass tenantId/ApiKey in headers. There are no instructions to read unrelated files, environment variables, or to send data to other external endpoints beyond user-provided webhook URLs and the configured API_BASE.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is downloaded or written to disk by an installer, which is the lowest-risk option.
Credentials
The skill requires three configuration items (tenantId, ApiKey, API_BASE) declared in skill.json configSchema. These map directly to the API calls in SKILL.md and are proportionate to the described functionality.
Persistence & Privilege
The skill is not flagged always:true and uses normal permissions (network, config). It does not request system-wide config changes or credentials for other services.
Assessment
This skill is internally consistent, but before installing: 1) Verify you trust SocialEpoch (confirm API_BASE is the official domain and consult their docs). 2) Provide only a least-privilege ApiKey/tenantId (use a test account when possible) and rotate credentials after testing. 3) Be mindful that messages and queried history may contain customer personal data — ensure compliance with privacy rules. 4) When setting WebHook URLs, only use endpoints you control and can secure. If provenance of the skill (publisher identity, homepage) matters to you, try to obtain an official source or vendor confirmation before using in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fr8c095m66wsf282esaw6nd84hc9r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments