Whassist
Review
Audited by ClawScan on May 13, 2026.
Overview
Whassist appears to be a coherent Whassist/WhatsApp integration, but it handles sensitive WhatsApp data, stores a Whassist API key, and can send messages after confirmation.
This looks purpose-aligned and not malicious based on the provided artifacts. Before installing, make sure you trust Whassist with your WhatsApp conversation data, protect the stored API key in OpenClaw config, and only confirm message sends after checking the exact recipient and text.
Publisher note
Whassist plugin registers OpenClaw tools. It calls https://app.wh-assist.com/api/v1 to exchange a user-provided one-time connect code, stores the returned API key in OpenClaw plugin config without printing it, and reads/searches/summarizes WhatsApp conversation data through the user's Whassist API key. Message sending requires explicit user confirmation.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can access the OpenClaw plugin config may be able to obtain or abuse the Whassist credential, depending on local protections.
The skill persists a Whassist API key in OpenClaw configuration. This is disclosed and purpose-aligned, but it is sensitive delegated account access.
this plugin stores the exchanged credential in OpenClaw plugin config marked as sensitive. Move this to a first-class OpenClaw SecretRef-backed storage path...
Protect the OpenClaw config file, revoke Whassist OpenClaw keys if the machine or gateway is compromised, and prefer stronger secret storage when available.
WhatsApp-related questions, context, and returned conversation data may be processed by Whassist outside the local OpenClaw session.
The plugin sends user prompts and optional conversation history to the Whassist provider API. This is expected for the service, but it is a sensitive provider data flow.
callWhassist(config, '/agent/message', { method: 'POST', body: JSON.stringify({ message: params.message, ...(params.history ? { history: params.history } : {}) }) })
Install only if you trust Whassist with the relevant WhatsApp conversation data and understand its privacy/account controls.
A message from someone else could contain misleading instructions or content that the agent might over-trust if not handled carefully.
WhatsApp messages and summaries can be retrieved into the agent's context. Contact-authored message text should be treated as data, not as instructions to the agent.
Use `whassist_ask_agent` by default... combining information across chats... Use direct tools only when the user needs exact raw data
Treat retrieved WhatsApp content as untrusted evidence and confirm important actions with the user before acting on it.
If the user or agent confirms the wrong target or text, an unintended WhatsApp message could be sent.
The tool can send WhatsApp messages through Whassist, but the code includes a confirmation gate and the skill instructions require exact target and message review first.
if (params.confirmed !== true) { return textResult('Confirmation required before sending...'); } ... method: 'POST', body: JSON.stringify({ text: params.text })
Before confirming, verify the exact chat/contact/group and the exact message text; avoid blanket or ambiguous confirmations.
The plugin code runs inside the OpenClaw environment after installation.
Installing the package registers executable plugin code and uses an npm dependency. This is normal for an OpenClaw plugin, but it is still a package trust boundary.
"openclaw": { "extensions": ["./dist/index.js"] }, "dependencies": { "@sinclair/typebox": "^0.34.49" }
Install from the expected ClawHub/package source and keep the plugin updated.
