Heleni WhatsApp

Before installing, consider these points: - This skill is instruction-only: it will not itself connect to WhatsApp. It's a local file-based memory and inbox convention that an agent/integration would need to implement separately. If you expected automated WhatsApp integration, this skill alone does not provide it. - The SKILL.md directs the agent to 'source' a .context file (/opt/.../.context). Sourcing runs shell code and can execute arbitrary commands or inject environment variables. Only allow this if you control and have audited the .context file contents. - The instructions reference undeclared environment variables (OWNER_PHONE, JID_CORE_TEAM, INBOX_FILE) and will create persistent files under $HOME/.openclaw (and earlier references to /opt). Decide where those files should live and who can read them; they may contain sensitive conversation content. - The skill mandates writing a context file after every DM, which can lead to broad local storage of message contents — consider data retention, encryption, and access control. - If you want to proceed: (1) inspect the .context file the agent would source and never allow untrusted .context files; (2) confirm or change the storage path to a safe, access-controlled directory; (3) require explicit integration code/credentials for any WhatsApp connectivity so the system behavior is clear. Additional information that would raise confidence: an explicit statement that this is only a memory helper (not a connector), the canonical location and format for .context with an example, and evidence of an official author/homepage or code that performs WhatsApp API integration. If those are provided, reassess from 'suspicious' toward 'benign.'