ClawHub

openclaw-whatsapp-gif

v1.0.1

Source and send relevant reaction GIFs in WhatsApp chats using safe filters and deterministic ranking. Use when the user asks for a GIF/meme/reaction, or whe...

0· 536·0 current·0 all-time
by@witty-quotes25
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match what the code and SKILL.md implement: searching Tenor/Giphy (via optional TENOR_API_KEY/GIPHY_API_KEY), applying blocklists/safe filters, ranking candidates, and producing a WhatsApp message payload or local file. No unrelated credentials or binaries are requested.
Instruction Scope
Instructions are specific about running the included scripts and using the message tool. The skill downloads remote media, writes temp cache files, reads optional API keys and a local references/policy.json, and (if enabled by policy) may web-scrape Tenor. These behaviors are documented in SKILL.md and limited to media fetching and local logging; they are within expected scope but worth reviewing if you need stricter host/policy constraints.
Install Mechanism
No install spec is present (instruction-only with included scripts). No packages or remote install URLs are fetched by an installer. Runtime network I/O is limited to provider APIs and optional web-scrape.
Credentials
No required env vars; TENOR_API_KEY and GIPHY_API_KEY are optional and appropriate for provider access. The skill does not ask for unrelated secrets or system credentials.
Persistence & Privilege
always:false and no system-wide config changes. The skill writes temporary cache and an optional telemetry log under the OS temp directory and uses a local references/policy.json for runtime policy. openai.yaml sets allow_implicit_invocation:true (implicit/automatic invocation), which is reasonable for a messaging helper but worth awareness.
Assessment
This skill appears to do what it says: look up safe GIFs and prepare/send a WhatsApp payload. Before installing, consider: 1) Provide TENOR_API_KEY/GIPHY_API_KEY only if you want provider results; otherwise it will use the built-in safe catalog. 2) It downloads media to the OS temp directory (cache and optional telemetry log). If you have storage or privacy concerns, inspect/override references/policy.json (allowedMediaHosts, allowRemoteUrlFallback, enableTelemetryLog, cacheDir, logFile). 3) Web-scrape fallback and remote-URL fallback are disabled by default; enable them only if you trust those behaviors. 4) The skill hands off a payload to your platform's message tool — verify that tool enforces delivery policies and handles local file attachments safely. 5) Avoid running the integration_test with real phone numbers. Overall the skill is internally consistent and proportional to its purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk971etef8c9qgmveym2m7gdqth81fdnb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments