whatsapp-monitor

Things to consider before installing or running this skill: - Credentials handling: The skill expects Feishu credentials (app_id, app_secret, table tokens) but asks you to place them in config/feishu-settings.json (plain JSON), which may be stored under the skill directory or your home directory. Avoid committing that file to git; set secure file permissions and prefer using a secret store or environment variables if you can. - Inspect whatsapp_client.py and omitted files: The WhatsApp client interacts with WhatsApp Web and may automate a browser or rely on an OpenClaw channel; review those files for any network endpoints or unexpected outbound connections beyond Feishu’s API (open.feishu.cn). - Principle of least privilege: Create a Feishu app/token with only the table permissions you need, rotate tokens after testing, and restrict IPs or tenant access if possible. - Test in isolation: Run in a sandbox or non-production account first. The test scripts attempt to write configs and data under the skill directory; confirm file locations and permissions before adding real credentials. - Legal/privacy: Monitoring WhatsApp conversations may capture private or sensitive data. Ensure you have consent and comply with local laws and company policies before monitoring chats. - Deployment hygiene: The skill’s metadata does not declare required env vars; if you deploy this inside OpenClaw, explicitly configure env paths and secret storage in OpenClaw rather than leaving secrets in repo files. Consider adding .gitignore entries for config/feishu-settings.json or move secrets to environment variables or a secret manager. - If you are not comfortable auditing the network and whatsapp_client implementation, treat this skill as higher risk and avoid installing it in privileged environments.