Thoughtful

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: thoughtful
Version: 1.2.0

The OpenClaw AgentSkills skill bundle 'thoughtful' is designed to process WhatsApp messages (read-only) and generate communication summaries. All operations are explicitly stated to run in a sandbox, and data is stored locally. The skill uses `wacli-readonly` to access messages, preventing unauthorized sending. Cron jobs are configured to run sync and summary generation in `isolated` sessions, delivering summaries to a specific Telegram topic, which aligns with the skill's stated purpose. There is no evidence of intentional harmful behavior such as data exfiltration to unauthorized external endpoints, backdoors, or prompt injection attempts against the agent to subvert its core directives.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private WhatsApp messages that the user did not expect to be summarized may still be written to local skill storage.

Why it was flagged

The script accepts a time range but exports up to 1,000 WhatsApp messages to a persistent context file without applying a time or chat filter at fetch time.

Skill content

```bash
SINCE="${1:-24h}"
...
$WACLI messages list --json --limit 1000 > "$DATA_DIR/context/recent-messages.json"
```

Recommendation

Apply the selected time range and chat allowlist before writing messages to disk, and add retention or cleanup controls for raw message files.

What this means

All direct WhatsApp conversations can be placed into the summary context, including sensitive personal or business chats the user may not want analyzed.

Why it was flagged

Every direct-message conversation is included by the filter, with no per-contact opt-in, opt-out, blacklist, or priority-only limit enforced in this code path.

Skill content

```javascript
// Include all DMs
if (chat.Kind === 'dm') return true;
```

Recommendation

Make direct-message inclusion explicitly configurable, honor opt-out lists, and show users exactly which chats will be processed before summaries are generated.

What this means

Installing and running the skill gives it access to read WhatsApp message history available through wacli-readonly.

Why it was flagged

The skill uses an authenticated WhatsApp-reading CLI. This is expected for the stated purpose and appears read-only, but it is still sensitive account access.

Skill content

```bash
$WACLI messages list --json --limit 1000
```

Recommendation

Use only a trusted wacli-readonly setup, confirm it is truly read-only, and review the generated prompt before enabling automation.

Note (Medium Confidence)
ASI01: Agent Goal Hijack
What this means

A message from someone else could influence the generated summary or recommendations if it contains instruction-like text.

Why it was flagged

Raw third-party WhatsApp message text is inserted into the LLM prompt. The prompt does not explicitly tell the model to treat chat contents as untrusted data rather than instructions.

Skill content

```
### Direct Messages (${input.dms.length} conversations):
${JSON.stringify(input.dms, null, 2)}
...
Generate the summary now:
```

Recommendation

Add prompt guidance that WhatsApp messages are untrusted data and must not override the user's goal, tool limits, or output rules.

What this means

WhatsApp-derived summaries may appear in Telegram if the user enables the cron workflow.

Why it was flagged

The documented cron example can deliver the generated WhatsApp summary through Telegram. This is disclosed and user-configured, but it crosses service boundaries with private relationship data.

Skill content

```json
"deliver": true,
"channel": "telegram"
```

Recommendation

Only enable Telegram delivery if that channel is private and intended; consider redacting sensitive chat details in delivered summaries.