ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Mention Skill

v1.0.1

Model-agnostic WhatsApp @mention skill for OpenClaw. Converts @Name, @Phone, @LID to blue clickable WhatsApp mentions with any AI model.

0· 77·1 current·1 all-time
byTAN JUN WEI@junwei1213·duplicate of @junwei1213/whatsapp-mention

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for junwei1213/openclaw-mention-skill.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Openclaw Mention Skill" (junwei1213/openclaw-mention-skill) from ClawHub.
Skill page: https://clawhub.ai/junwei1213/openclaw-mention-skill
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: node, bash, python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openclaw-mention-skill

ClawHub CLI

Package manager switcher

npx clawhub@latest install openclaw-mention-skill
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included code and instructions: the package provides utilities to map names/phones to WhatsApp LIDs, an add-member CLI, and an installer that patches OpenClaw's deliver-reply and login code to produce correct mentions. Required binaries (node, bash, python3) are reasonable for the described tasks.
Instruction Scope
SKILL.md and README explicitly instruct the installer to patch OpenClaw core files to intercept outgoing messages and to read/write a local LID cache at /home/openclaw/.openclaw/workspace/LID_CACHE.json. That behavior is expected for the stated goal, but it does broaden scope to modifying application internals and reading/writing workspace files (including phone→LID mappings).
Install Mechanism
Installer is local shell script (install.sh) and embedded python edits; no external downloads or obscure URLs are used. The installer operates by locating files in /usr/lib/node_modules/openclaw/dist and editing them in place, creating backups. This is higher-privilege but matches the stated need to patch OpenClaw.
Credentials
The skill does not request environment variables, credentials, or network endpoints. It only reads/writes a local cache in the OpenClaw workspace and can install a memory guide. Required access to workspace and to the OpenClaw distribution directory is proportionate to its function.
Persistence & Privilege
The installer modifies OpenClaw core JS files and restarts the OpenClaw service to persist behavior across runs. This is coherent with the goal but is a privileged, persistent change to the platform; ensure you trust the patch and have backups before proceeding. always:false (normal).
Assessment
This skill appears to do what it claims (convert @Name/@Phone into WhatsApp LIDs) and does not request secrets or call out to external servers, but it patches OpenClaw core files and restarts the service — actions that require root or package-owner privileges and carry risk if the code is malicious or buggy. Before installing: (1) review install.sh and the exact inserted patch (the large _LID_PATCH_V10 block) line-by-line to ensure it only touches the intended files and does not add hidden network calls or credential reads; (2) verify the repository/source and maintainers, and prefer installing on a test instance first; (3) back up your OpenClaw installation (even though the script creates .bak files); (4) check the LID_CACHE contents for any sensitive phone numbers you don't want stored; (5) be prepared to run uninstall.sh to restore backed-up files — note uninstall leaves LID_CACHE.json and mention-guide.md in place. If you are uncomfortable with core-file patches, ask the maintainer for a non-invasive plugin approach or request the patch be upstreamed into OpenClaw so no local modifications are required.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsnode, bash, python3
latestvk973xzdgd77t30z3xbydvx3g3x84bvca
77downloads
0stars
2versions
Updated 3w ago
v1.0.1
MIT-0
TAN JUN WEI@junwei1213
latest
Download

WhatsApp @Mention Skill

Make WhatsApp @mentions work reliably with any AI model in OpenClaw.

What it does

Intercepts all outgoing WhatsApp messages and automatically converts mentions to the correct format:

  • @Name@LID (blue clickable mention)
  • @PhoneNumber@LID (blue clickable mention)
  • @LID → kept as-is (already correct)

Installation

openclaw skills install whatsapp-mention

Or manually:

git clone https://github.com/junwei1213/openclaw-mention-skill.git
cd openclaw-mention-skill
bash install.sh

How to use

Just write @someone in your messages. The skill handles the rest.

The LID cache at /home/openclaw/.openclaw/workspace/LID_CACHE.json maps names to WhatsApp LIDs. Members are auto-discovered when they send messages in groups.

Add a member manually

node add-member.js --lid 123456789012345 --name "John" --phone 1234567890

Find a missing LID

Check Baileys' LID mapping files in your WhatsApp credential directory. Filenames follow the pattern lid-mapping-<LID>_reverse.json.

Re-install after OpenClaw updates

OpenClaw updates overwrite patched files. Re-run install.sh after updating.

Uninstall

bash uninstall.sh

Comments

Loading comments...