ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Notifyer by WhatsAble

v1.0.0

Create and manage a Notifyer by WhatsAble account — signup, login, retrieve the authenticated user, check WhatsApp connection status, manage subscription pla...

0· 102·0 current·0 all-time
by@whatsable

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for whatsable/agent-skills-by-notifyer.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Notifyer by WhatsAble" (whatsable/agent-skills-by-notifyer) from ClawHub.
Skill page: https://clawhub.ai/whatsable/agent-skills-by-notifyer
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install agent-skills-by-notifyer

ClawHub CLI

Package manager switcher

npx clawhub@latest install agent-skills-by-notifyer
Security Scan
Capability signals
CryptoCan make purchasesRequires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The scripts and references implement account signup, login, workspace/team/label management and WhatsApp connection checks consistent with the skill description. However registry metadata (shown to the platform) claims no required environment variables while the SKILL.md, clawhub.json, and many scripts clearly require NOTIFYER_API_BASE_URL and NOTIFYER_API_TOKEN. The package also contains references to a GitHub repository and homepage in clawhub.json but the skill source/homepage were reported 'unknown' — another discrepancy.
!
Instruction Scope
Runtime instructions are to set NOTIFYER_API_BASE_URL and NOTIFYER_API_TOKEN and run the provided Node scripts; the scripts call the Notifyer Console API endpoints and generally limit scope to that API. However an automated scanner flagged a 'system-prompt-override' pattern inside SKILL.md (prompt-injection signal). I did not find explicit instructions in the visible scripts that read unrelated system files, but the prompt-injection flag in the documentation is unexpected for this purpose and could indicate an attempt to influence agent behavior or evaluation. Reviewers should inspect the full SKILL.md and the scripts/lib/notifyer-api.js to ensure no instructions request unrelated credentials or perform unexpected network exfiltration.
Install Mechanism
No install spec — the skill is delivered as scripts bundled in the package. There is no remote download URL or extracted archive. This lowers install-time risk: nothing is fetched from arbitrary URLs during installation. The package includes many script files, but they run locally with Node.js.
!
Credentials
The scripts legitimately require two environment variables (NOTIFYER_API_BASE_URL and NOTIFYER_API_TOKEN) to talk to the Console API, which is proportionate. However the registry metadata published with the skill claims 'Required env vars: none' and the skill manifest in-cloak lists them as required — an incoherence. Additionally the skill did not declare a primary credential in the registry metadata while the SKILL.md explicitly treats NOTIFYER_API_TOKEN as the auth token. These mismatches are suspicious and should be resolved before trusting the package.
Persistence & Privilege
The skill does not request always:true and does not claim to modify other skills or system-wide agent settings. Default autonomous invocation is allowed (platform default). There is no evidence the skill attempts to persist itself beyond its files.
Scan Findings in Context
[system-prompt-override] unexpected: A prompt-injection pattern was detected in SKILL.md. For a workspace/API management skill this is unexpected; it may be a false positive from scanned markdown, but it should be inspected manually to confirm the SKILL.md does not contain instructions trying to override agent/system prompts or otherwise manipulate the agent evaluation/runtime behavior.
What to consider before installing
What to consider before installing: - Do not run these scripts until you verify their origin. The package files implement the advertised Notifyer API calls and require two env vars: NOTIFYER_API_BASE_URL and NOTIFYER_API_TOKEN (the registry listing omitted them). That mismatch is suspicious. - Inspect scripts/lib/notifyer-api.js and any loadConfig implementation to see exactly which environment variables, files, or network endpoints are read/sent. Confirm the token is only used to call the documented api.insightssystem.com endpoints and not exfiltrated to other domains. - The SKILL.md triggered a 'system-prompt-override' scanner warning; open the SKILL.md and search for any text that attempts to manipulate agent/system prompts or request secrets beyond the Notifyer token. If present, do not install. - Prefer obtaining the skill from a verifiable upstream source (official WhatsAble/GitHub repo) rather than an unknown registry entry. If you must run it, do so in an isolated environment (ephemeral VM or container) and avoid exporting long-lived credentials globally — use a temporary or least-privilege API token. - If you are not comfortable auditing the code, ask for the upstream repository link (verify it matches the package content) or request a trimmed-down official client that declares the primary credential (NOTIFYER_API_TOKEN) in registry metadata. Additional info that would change this assessment: confirmation that the registry metadata is updated to declare the required env vars and primary credential, a verified upstream repository/homepage, and manual confirmation that SKILL.md contains no prompt-injection instructions and notifyer-api.js only communicates with documented endpoints.
scripts/add-note.js:59
Environment variable access combined with network send.
scripts/assign-bot.js:54
Environment variable access combined with network send.
scripts/assign-label.js:58
Environment variable access combined with network send.
scripts/delete-scheduled.js:45
Environment variable access combined with network send.
scripts/get-notes.js:57
Environment variable access combined with network send.
scripts/lib/notifyer-api.js:31
Environment variable access combined with network send.
scripts/lib/notifyer-api.js:31
Environment variable access combined with network send.
scripts/lib/notifyer-api.js:31
Environment variable access combined with network send.
scripts/list-recipients.js:63
Environment variable access combined with network send.
scripts/remove-label.js:48
Environment variable access combined with network send.
scripts/send-attachment.js:68
Environment variable access combined with network send.
scripts/send-template.js:80
Environment variable access combined with network send.
scripts/set-handoff.js:45
Environment variable access combined with network send.
scripts/update-recipient.js:57
Environment variable access combined with network send.
!
scripts/create-broadcast.js:136
File read combined with network send (possible exfiltration).
!
scripts/send-attachment.js:61
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97005rvavpdszwaarap04dzmn85999y
102downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@whatsable
latest
Download

setup-notifyer

Scripts for managing a Notifyer account via the Console API (https://api.insightssystem.com). All Console API requests authenticate with Authorization: Bearer <token>.

Setup

cd skills/setup-notifyer
npm install          # no dependencies required yet (uses built-in fetch)

Set environment variables:

export NOTIFYER_API_BASE_URL="https://api.insightssystem.com"
export NOTIFYER_API_TOKEN="<jwt-token>"   # from login.js

How-to

Create a new Notifyer account

node scripts/create-account.js \
  --name "Jane Smith" \
  --email jane@company.com \
  --password "Secure@123" \
  --phone 14155550123

--reason is optional (shown as "(optional)" in the signup UI). Supply it to help the support team understand the use case.

Returns { ok: true, data: { authToken, user, apiKey } } on success. The authToken can be used immediately as NOTIFYER_API_TOKEN.

Login to an existing account

node scripts/login.js \
  --email jane@company.com \
  --password "Secure@123"

Returns { ok: true, data: { authToken } }.

export NOTIFYER_API_TOKEN="<authToken from above>"

Get the currently authenticated user

node scripts/get-me.js

Returns { ok: true, data: { id, name, email, role, phone_number, ... } }.

Run a pre-flight health check (start here when debugging)

node scripts/doctor.js
node scripts/doctor.js --pretty   # human-readable pass/fail report to stderr

Validates all four prerequisites in one command:

  1. NOTIFYER_API_BASE_URL — set and starts with https://
  2. Token (NOTIFYER_API_TOKEN) — valid and accepted by /auth/me
  3. WhatsApp connection — isConnected: true (and detects degraded Meta states)
  4. Plan status — subscription is active, trialing, or new_user

Returns { ok: true, data: { all_healthy: true, checks: { base_url, token, connection, plan } } }. Returns { ok: false, ... } (exit 1) if any check fails, with a fix hint for each failure.

Run doctor.js before any other script when troubleshooting unexpected failures.

Check WhatsApp connection status

node scripts/get-connection-status.js
node scripts/get-connection-status.js --pretty   # human-readable summary to stderr

Returns { ok: true, data: { isConnected, degraded, meta_errors, has_embedded_user, registration, subscription, payment_method_added, is_template_has, is_message_tested, is_profile_picture_added, onboarding_steps_completed } }.

isConnected = true means the phone number has both successful Meta registration and subscription — it is ready to send messages.

degraded = true means isConnected is true but Meta returned hidden errors inside the whatsapp_response payload (e.g. two-step PIN mismatch, account restricted). Always check degraded alongside isConnected — a degraded connection may fail silently. meta_errors contains the extracted error details as a string array.

Force-refresh WhatsApp registration status with Meta

Use this when get-connection-status.js shows a failed or stale registration/subscription, or after connecting a new number in the console.

node scripts/refresh-connection.js
node scripts/refresh-connection.js --pretty

Returns the same shape as get-connection-status.js.

Daily limit warning: Meta limits how many times per day re-registration can be attempted. If the response indicates a limit error, wait 24 hours before retrying.

List available subscription plans

node scripts/list-plans.js                           # all plans
node scripts/list-plans.js --billing monthly         # monthly only
node scripts/list-plans.js --billing annual          # annual only
node scripts/list-plans.js --tier pro                # Pro tier only
node scripts/list-plans.js --tier basic --billing monthly
node scripts/list-plans.js --pretty                  # human-readable table to stderr

Returns all plan tiers grouped by { monthly: { basic, pro, agency }, annual: { ... } }. Each tier entry contains id, price (in dollars), unique_numbers (contact limit), stripe_price_id, and What_it_includes.

Plans: basic = Bulk Message (no integrations/bots), pro = full features, agency = Pro + multiple phone numbers.

Get current subscription and usage

node scripts/get-user-plan.js
node scripts/get-user-plan.js --pretty

Returns { usages, latest_plan: { status, plan_amount, unique_number_limit, total_unique_number_count, end_time, ... } }. plan_amount is in cents — the script adds a plan_amount_dollars convenience field.

List team members

node scripts/list-members.js                         # all members
node scripts/list-members.js --page 1 --per-page 25 # paginate
node scripts/list-members.js --labels                # also show available label names
node scripts/list-members.js --pretty                # human-readable table to stderr

Returns { items: TeamMember[], team_seat: { included_seats } }. Members are sorted by role (Super Admin → Admin → Team Member (All Labels) → Team Member).

Add a team member

node scripts/invite-member.js \
  --name "Jane Smith" \
  --email jane@company.com \
  --password "Secure@2024" \
  --role "Team Member" \
  --labels "Sales,Support"

Creates a full account immediately (no email invite flow). Share credentials out-of-band. Assignable roles: Admin, Team Member (All Labels), Team Member. Labels (comma-separated) are only used for Team Member role — Admin roles get all labels automatically.

Change role, labels, name, or password

# Promote to Admin
node scripts/update-member.js --id <id> --role Admin

# Assign new labels (replaces current list)
node scripts/update-member.js --id <id> --labels "Sales,VIP"

# Clear all labels
node scripts/update-member.js --id <id> --labels ""

# Rename + reset password
node scripts/update-member.js --id <id> --name "John Doe" --password "NewPass@99"

There is no separate change-role endpoint — role, labels, name and password are all updated through the same PATCH /api:-4GSCDHb/auth/user call. The script auto-fetches current values and only changes what you supply.

Remove a team member

node scripts/remove-member.js --id <id> --confirm

Permanent and immediate. --confirm is required to prevent accidental deletion. Super Admin (account owner) cannot be removed.

List workspace labels

node scripts/list-labels.js
node scripts/list-labels.js --pretty   # human-readable table to stderr

Returns { labels: Label[], count: n }. Each label has id, label (display name), keywords (auto-assignment triggers), user_id, and created_at.

Super Admin and Admin see all workspace labels. Team Members see only the labels assigned to their account.

Create a workspace label

node scripts/create-label.js --label "Sales"
node scripts/create-label.js --label "Support" --keywords "help,issue,ticket"

Label names must be unique. keywords are comma-separated trigger words that auto-assign the label when a contact message contains a match.

Update a label's name or keywords

# Add keywords
node scripts/update-label-keywords.js --id 5 --add "urgent,priority"

# Remove a keyword
node scripts/update-label-keywords.js --id 5 --remove "old-keyword"

# Replace the entire keyword list
node scripts/update-label-keywords.js --id 5 --set "buy,purchase,order"

# Clear all keywords
node scripts/update-label-keywords.js --id 5 --set ""

# Rename a label
node scripts/update-label-keywords.js --id 5 --label "VIP Customers"

--add, --remove, and --set are mutually exclusive. The script fetches the current label first so unchanged fields are preserved.

Delete a workspace label

node scripts/delete-label.js --id 5 --confirm

Permanent and immediate. --confirm is required to prevent accidental deletion. After deletion, manually remove the label from any team members that had it assigned using update-member.js --labels.

Get the Developer API key

node scripts/get-api-key.js
node scripts/get-api-key.js --pretty   # prints key to stderr for easy copying

Returns { id, api_key, user_id, created_at }.

The api_key value is the credential used by Make, Zapier, n8n, and custom scripts to send messages via the developer API. It authenticates as a raw Authorization header (no Bearer prefix) — different from NOTIFYER_API_TOKEN.

Rules

  • Three distinct auth modes — Console (Bearer <jwt>), Chat (<jwt> raw), Developer (<api_key> raw). The console JWT and the Developer API key are different credentials. get-api-key.js uses console auth to retrieve the key; the key itself is then used by external tools as a raw Authorization header.
  • API key requires Pro or Agency plan — the key can be fetched on any plan, but using it for automation (Make, Zapier, n8n, developer API calls) requires Pro or Agency. Basic (Bulk Message) plan accounts are blocked. Always verify plan status with get-user-plan.js before directing a user to set up integrations.
  • Use "Notifyer Systems" module in Make/Zapier/n8n — the console explicitly warns against using the "WhatsAble" module. Direct users to the "Notifyer Systems" module specifically when setting up external automations.
  • API key is fixed — there is no rotate or regenerate endpoint. Treat api_key as a long-lived secret; store it in env vars, never in source control.
  • send_template_message_by_api uses the API key, not the JWT — when calling POST /api:hFrjh8a1/send_template_message_by_api, set Authorization: <api_key> (no Bearer). phone_number is passed as text here (unlike console APIs where it is an integer).
  • sub_channel: "onboarding_test" is a special mode that updates embedded_users and is only for test sends. Omit sub_channel (or pass "") for production sends.
  • Label endpoints use chat authlist-labels.js, create-label.js, update-label-keywords.js, and delete-label.js all use Authorization: <token> (no Bearer prefix). The same NOTIFYER_API_TOKEN from login.js works — notifyer-api.js handles the format difference via AUTH_MODE_CHAT.
  • GET labels is role-filtered — Admin/Super Admin see all labels; Team Members see only their assigned labels. Always use an Admin token for label management.
  • Label names must be uniquecreate-label.js returns { ok: false, blocked: true } if a label with the same name already exists.
  • keywords is a full replacementupdate-label-keywords.js --set replaces the entire list. Use --add / --remove to make incremental changes.
  • No GET-by-ID in the web groupupdate-label-keywords.js and delete-label.js both call GET /web/label_management to look up the target by id before mutating.
  • DELETE returns no body — Xano returns an empty response for label deletion; the script synthesises { deleted: true, id, label } from the pre-flight fetch.
  • Deleting a label does not remove it from members — after delete-label.js, update affected team members manually with update-member.js --labels.
  • phone_number must be a number — send as integer (e.g. 14155550123), not a string. Xano types this field as integer.
  • Password requirements — minimum 8 characters; must include: uppercase, lowercase, number, and special character (e.g. @!#$%^&*).
  • Email is lowercased — the frontend lowercases email before sending. Scripts do the same automatically.
  • Origin header is injected automatically. notifyer-api.js adds Origin: https://console.notifyer-systems.com for console-mode requests and Origin: https://chat.notifyer-systems.com for chat-mode requests. You never need to pass it manually. If a script sets Origin via extraHeaders, that value takes precedence. This fixes a class of silent 401s that occurred when the header was missing on Xano endpoints that validate it.
  • Token storage — store authToken in NOTIFYER_API_TOKEN. Never commit tokens to source control.
  • Duplicate email — signup fails with a Xano precondition error if the email already exists. The script surfaces this as { ok: false, error: "..." }.
  • Signup side effects — a single signup call automatically creates the user record, an API key record, a subscriber_packages (plan) record, and fires a Make webhook. No additional calls are needed.
  • No email invitation flowinvite-member.js creates the account directly. Share credentials with the new member out-of-band. There is no "pending invite" state.
  • update-member.js fetches current state first — you only need to supply the fields you want to change; unchanged fields are read from the existing member and re-sent.
  • labels replaces, not appendsupdate-member.js --labels "Sales" sets labels to exactly ["Sales"], removing any previous ones.
  • Super Admin is immutable — the account owner cannot be created, modified, or deleted via any script.
  • Roles for Admin/TM-All auto-clear labelsupdate-member.js sends labels: [] automatically when the effective role is not Team Member.
  • plan_amount is in centslatest_plan.plan_amount is in cents (Stripe convention). get-user-plan.js adds a plan_amount_dollars field for convenience.
  • Subscription is browser-onlyPOST /api:Mk_r6mq0/sessions creates a Stripe checkout session that requires a browser redirect. Agents cannot subscribe on behalf of a user — direct them to https://console.notifyer-systems.com/pricing-plans.
  • Check plan before messaging — gate send actions with status ∈ ["active","trialing"] and usages < unique_number_limit.
  • WhatsApp connection is 1:1 — each Notifyer account is connected to exactly one WhatsApp Business number. There is no "list phone numbers" endpoint. get-connection-status.js returns the status of that single number.
  • isConnected vs has_embedded_userhas_embedded_user means a Meta Facebook account has been linked. isConnected (registration.success && subscription.success) means WhatsApp messaging is actually ready. Always check isConnected before sending messages.
  • Daily limit on refreshrefresh-connection.js re-triggers Meta registration. Meta rate-limits this per day. If you see a daily limit error, wait 24 hours.

API group IDs

Notifyer's backend uses Xano-style API group IDs in the URL path:

GroupPrefixUsed for
Auth/api:-4GSCDHbSignup, login, get-me, api_key, team member CRUD
Message Sending/api:hFrjh8a1Send template messages via Developer API key
WhatsApp Connection/api:P5grzx1uConnection status, Meta re-registration
Web/Console/api:bVXsw_FDLabel CRUD (/web/label_management), recipients, team
Roles/api:eWoClqoZGet available label names for member assignment
Plans/api:JZAUyiCsPlan listing and selection

Scripts

<!-- FILE MAP START -->
FileDescription
scripts/lib/notifyer-api.jsBase HTTP client — loads config, sends requests, handles errors
scripts/lib/args.jsCLI argument parser (flags, booleans, numbers)
scripts/lib/result.jsStandard output helpers — ok(), err(), printJson()
scripts/create-account.jsPOST /api:-4GSCDHb/auth/signup — create a new Notifyer account
scripts/login.jsPOST /api:-4GSCDHb/auth/login — login and get an auth token
scripts/get-me.jsGET /api:-4GSCDHb/auth/me — get the authenticated user's profile
scripts/get-connection-status.jsGET /api:P5grzx1u/is_user_embedded — WhatsApp connection status
scripts/refresh-connection.jsPOST /api:P5grzx1u/refresher_of_registration_subscription — force re-sync with Meta
scripts/list-plans.jsGET /api:JZAUyiCs/plans?filter=… — list available subscription plan tiers
scripts/get-user-plan.jsGET /api:JZAUyiCs/user_plan — current subscription and usage
scripts/list-members.jsGET /api:-4GSCDHb/auth/get_team_member — list team members; --labels also fetches available label names
scripts/invite-member.jsPOST /api:-4GSCDHb/auth/create_team_member — create a team member account
scripts/update-member.jsPATCH /api:-4GSCDHb/auth/user — update role, labels, name, or password
scripts/remove-member.jsDELETE /api:-4GSCDHb/auth/delete_team_member/:id — permanently remove a member
scripts/list-labels.jsGET /api:bVXsw_FD/web/label_management — list workspace labels (role-filtered)
scripts/create-label.jsPOST /api:bVXsw_FD/web/label_management — create a new label
scripts/update-label-keywords.jsPATCH /api:bVXsw_FD/web/label_management/:id — update name or keywords (fetch-then-patch)
scripts/delete-label.jsDELETE /api:bVXsw_FD/web/label_management/:id — permanently delete a label
scripts/get-api-key.jsGET /api:-4GSCDHb/api_key — retrieve the Developer API key for Make/Zapier/n8n
scripts/doctor.jsPre-flight health check — validates base URL, token, WhatsApp connection, and plan status in one command
<!-- FILE MAP END -->

References

  • references/account-reference.md — Full API reference for auth endpoints, field types, error codes, and token usage
  • references/whatsapp-connection-reference.md — Connection status fields, onboarding checklist, rate limits, and architecture notes
  • references/plans-reference.md — Plan filters, PricingTier shape, LatestPlan fields, status values, billing model
  • references/team-reference.md — Role system, team member CRUD endpoints, label assignment rules, common workflows
  • references/labels-reference.md — Label data model, all CRUD endpoints, keyword auto-assignment behaviour, role-filtering rules
  • references/api-key-reference.md — Developer API key retrieval, all three auth modes, and send_template_message_by_api reference for Make/Zapier/n8n

Assets

  • assets/signup-example.json — Example signup request payload
  • assets/connection-status-example.json — Example connection status response
  • assets/user-plan-example.json — Example response from get-user-plan.js

Security Notes

  • NOTIFYER_API_BASE_URL must be https://. All three skills enforce this at startup — any http:// or non-HTTPS URL is rejected immediately to prevent tokens being sent unencrypted or to a rogue host.
  • --password is visible in the OS process list. CLI flags are readable via ps aux or /proc/<pid>/cmdline for the lifetime of the process. On shared or monitored machines, prefer injecting credentials via environment variables or a secrets manager rather than bare CLI flags.
  • The JWT token from login.js is printed to stdout. This is by design — the agent must capture it to export NOTIFYER_API_TOKEN. In orchestrated environments, ensure stdout is not persisted to unprotected logs. Treat the token like a session cookie.
  • The Developer API key from get-api-key.js is printed to both stdout and stderr. Store it immediately in a secrets manager. It provides direct WhatsApp send access without a session login.
  • Zero npm dependencies. All three skills use only Node.js built-ins — there is no supply chain risk from third-party packages.

Limitations

  • WhatsApp initial connection requires a browser. The QR scan / embedded signup flow (WABA onboarding) cannot be scripted. An admin must complete it once via the Notifyer console UI (console.notifyer-systems.com). After that, get-connection-status.js and refresh-connection.js can manage the connection programmatically.
  • WhatsApp OTP verification is browser-only. The PATCH /api:0hqyGRIz/whatsapp_verification/{userId} endpoint (OTP submission during phone re-authentication) is triggered by the console UI. There is no script for this flow.
  • WhatsApp Business Account (WABA) and Meta Business Suite setup must be done manually. Phone number registration, business verification, and WABA approval are Meta-side processes outside the Notifyer API.
  • Account creation is irreversible via script. create-account.js creates a full Notifyer workspace. There is no delete-account endpoint.
  • Password recovery must be done via the Notifyer web UI. The reset flow (GET /reset_password?email= to trigger email + PATCH /reset_password to set the new password) requires the user to click a link in the email. There is no agent-accessible reset path that bypasses the email step.
  • refresh-connection.js re-syncs an existing connection. It cannot re-initiate a fully disconnected or revoked WABA — that requires going through the browser-based embedded signup again.
  • Plan upgrades, downgrades, and credit purchases are browser-only (Stripe). list-plans.js and get-user-plan.js are read-only. Changing plans (POST /api:Mk_r6mq0/sessions), accessing the billing portal (POST /api:Mk_r6mq0/portal), and buying credits (POST /api:Mk_r6mq0/add_credits) are Stripe redirect flows — not scriptable.
  • Profile picture uploads and onboarding step markers are UI-only. PATCH /profile_picture_update, PATCH /payment_method_update, and PATCH /test_message_update are completion flags set by the console onboarding UI. There are no scripts for these — they do not affect core messaging functionality once the account is set up.
  • Super Admin role cannot be assigned via script. Only Admin and Team Member roles are assignable through update-member.js. Super Admin is set by Notifyer at workspace creation.
<!-- FILEMAP:BEGIN --> 
[setup-notifyer file map]|root: .
|.:{package.json,SKILL.md}
|assets:{connection-status-example.json,signup-example.json,user-plan-example.json}
|references:{account-reference.md,api-key-reference.md,labels-reference.md,plans-reference.md,team-reference.md,whatsapp-connection-reference.md}
|scripts:{create-account.js,create-label.js,delete-label.js,doctor.js,get-api-key.js,get-connection-status.js,get-me.js,get-user-plan.js,invite-member.js,list-labels.js,list-members.js,list-plans.js,login.js,refresh-connection.js,remove-member.js,update-label-keywords.js,update-member.js}
|scripts/lib:{args.js,notifyer-api.js,result.js}
<!-- FILEMAP:END -->

Comments

Loading comments...