ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

wacli-pro

v1.0.0

Professional WhatsApp messaging via the wacli CLI. Use when the user wants the agent to message another person from their personal WhatsApp account, search c...

1· 91·0 current·0 all-time
byPrantik Medhi@prantikmedhi

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for prantikmedhi/wacli-pro.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "wacli-pro" (prantikmedhi/wacli-pro) from ClawHub.
Skill page: https://clawhub.ai/prantikmedhi/wacli-pro
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install wacli-pro

ClawHub CLI

Package manager switcher

npx clawhub@latest install wacli-pro
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill is explicitly a wacli-based WhatsApp messaging helper, but the registry metadata lists no required binaries or credentials. In practice the runtime instructions assume a locally installed and authenticated 'wacli' CLI and access to the user's files (for attachments). The skill should have declared 'wacli' as a required binary and documented how authentication is handled; the omission is an incoherence.
Instruction Scope
SKILL.md stays on task: it instructs using wacli commands to list chats, search/backfill history, draft messages, and send text/files, and it enforces confirmation before sending. This will cause the agent to read chat history via wacli and to reference local filesystem paths when attaching files — behavior consistent with the described purpose but also sensitive (it accesses personal chat history and local files).
Install Mechanism
Instruction-only skill with no install steps or remote downloads, so nothing is written to disk by the skill itself. Low install risk. However, it implicitly depends on an external binary (wacli) which is not declared.
Credentials
The skill requires no environment variables or credentials in the manifest, which is appropriate since auth is handled by the local wacli CLI. That said, the manifest should explicitly document that local wacli authentication/state is required (and where tokens/config live) so users understand what local secrets the skill will rely on.
Persistence & Privilege
No elevated persistence requested (always:false). The skill does not claim to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined with other high-risk flags.
What to consider before installing
This appears to be a legitimate WhatsApp CLI helper, but it has two practical gaps you should be comfortable with before installing: (1) the manifest does not declare the required 'wacli' binary or explain how local WhatsApp authentication is handled, and (2) there is no source/homepage or publisher info to verify provenance. Before using it: ensure you already have a trustworthy wacli installation, confirm where that tool stores auth tokens and whether you trust it, and verify the skill will only run wacli commands you approve (inspect or request the skill author to add 'requires.binaries: wacli' and a source URL). Be cautious when sending attachments or allowing history backfills — these operations access personal chat data and local files. The absence of scanner findings only means the skill is instruction-only; it does not guarantee safety.

Like a lobster shell, security has layers — review code before you run it.

latestvk973z5r3j4yq8gzc1wrsgker1h853q39
91downloads
1stars
1versions
Updated 1w ago
v1.0.0
MIT-0
Prantik Medhi@prantikmedhi
latest
Download

Wacli Pro

Send WhatsApp messages through wacli in a way that feels intentional, human, and context-aware.

Quick workflow

  1. Confirm the recipient, goal, and message constraints.
  2. If context matters, inspect recent chat history before drafting.
  3. Draft a message that sounds like the user, not like an assistant.
  4. Confirm the final text before sending.
  5. Send with wacli and report exactly what was sent.

Command set

Use these commands directly:

wacli doctor
wacli auth
wacli sync --follow
wacli chats list --limit 20 --query "name or number"
wacli messages search "query" --limit 20 --chat <jid>
wacli history backfill --chat <jid> --requests 2 --count 50
wacli send text --to "+14155551212" --message "Hello! Running 10 minutes late."
wacli send file --to "+14155551212" --file /path/file.pdf --caption "Here it is"

Use --json when parsing output.

Drafting rules

Write like a competent human using their own WhatsApp, not like support automation.

  • Prefer short natural sentences.
  • Match the relationship and context, for example friend, colleague, family, vendor, recruiter.
  • Keep openings simple: Hey, Hi, the person's name, or no greeting when the thread already has context.
  • Use specific details instead of generic filler.
  • Make requests clear and easy to answer.
  • Keep warmth subtle. One emoji is fine when it genuinely fits. Zero is usually better for work messages.
  • Never mention being an AI unless the user explicitly wants that.
  • Never send templated phrasing like I hope this message finds you well unless the user asks for formal style.

Avoid these failure modes:

  • Over-explaining
  • Corporate boilerplate
  • Long bullet-heavy messages in casual chats
  • Fake enthusiasm
  • Obvious AI phrases like Certainly, Kindly note, As discussed, Please do the needful

Tone calibration

Choose the lightest tone that still achieves the goal.

Casual

Use for friends, family, and familiar contacts.

Pattern:

  • short opener
  • one clear point
  • optional quick follow-up question

Example:

Hey, are you free for a quick call tomorrow evening? Need your help with one thing.

Professional and warm

Use for coworkers, clients, recruiters, and semi-formal contacts.

Pattern:

  • direct context
  • clear request or update
  • polite close only if needed

Example:

Hi Ananya, sharing the updated deck here. If it works for you, please review slides 7 to 11 when you get a chance.

Firm and concise

Use for nudges, payment follow-ups, scheduling, and boundary-setting.

Pattern:

  • reference prior context
  • state the ask plainly
  • include the next step or deadline

Example:

Hi, following up on the invoice from 12 April. Please let me know if you need anything from my side, otherwise I’d appreciate the payment this week.

Context-first messaging

Before drafting a reply in an existing conversation, search or backfill first when any of these are true:

  • the user says reply, follow up, answer them, or continue the chat
  • the relationship or prior promise matters
  • dates, prices, attachments, or commitments may already exist in the thread
  • the user asks you to sound natural or like them

Suggested sequence:

  1. wacli chats list --query "name or number" --json
  2. wacli messages search "recent keyword" --chat <jid> --limit 20 --json
  3. wacli history backfill --chat <jid> --requests 2 --count 50
  4. Draft from the actual context, not assumptions.

Confirmation policy

Require explicit confirmation before sending.

Confirm these items in one compact line when possible:

  • recipient
  • final message text
  • attachment, if any

If the user already provided exact recipient and exact text and clearly asked to send it now, send it without a second stylistic review, but still restate what was sent afterward.

Safety and privacy

  • Do not use wacli for the user’s direct chat with OpenClaw.
  • Do not guess recipients.
  • If multiple matching chats exist, ask which one.
  • If the requested message could be sensitive, high-impact, or relationship-damaging, offer a draft first.
  • Keep personal data exposure to the minimum needed for the send.

Troubleshooting

Run wacli doctor first.

If authenticated but not connected:

  • run wacli sync --follow
  • verify the phone is online
  • retry search or send after connection is restored

If chat lookup is weak:

  • search by number instead of name
  • run backfill for that chat
  • use narrower keywords and date windows

References

Read these only when needed:

  • references/message-patterns.md for reusable message shapes and examples
  • references/history-workflow.md for context gathering before replying

Comments

Loading comments...