ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WhatsApp Business Automation by WhatsAble

v1.0.2

Full three-phase agent skills suite for Notifyer by WhatsAble. Phase 1 (setup-notifyer): account signup, login, WhatsApp connection status, subscription plan...

0· 0·0 current·0 all-time
by@whatsable
Security Scan
Capability signals
CryptoCan make purchasesRequires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description and the included Node.js scripts align: the files implement account setup, templates, bots, broadcasts, webhooks and chat operations against a Notifyer API. However the registry metadata (as presented at the top) claims no required environment variables or primary credential, whereas the SKILL.md and included clawhub.json repeatedly require NOTIFYER_API_BASE_URL and NOTIFYER_API_TOKEN. That mismatch between advertised registry requirements and the actual instructions/files is unexpected and should be clarified.
!
Instruction Scope
The SKILL.md instructs agents and users to set NOTIFYER_API_BASE_URL and NOTIFYER_API_TOKEN and to run many node scripts (login.js, doctor.js, create-broadcast.js, etc.). Those instructions are functionally within scope for a Notifyer integration. However a pre-scan flag indicates a 'system-prompt-override' prompt-injection pattern was detected in SKILL.md content — this suggests parts of the skill documentation may attempt to instruct an agent to change its behavior or system prompt, which is out-of-scope and dangerous. Also the published registry fields omit the env vars required by the runtime instructions; that inconsistency widens the scope-concern.
Install Mechanism
There is no install spec (no network downloads, no brew/npm installs), and the repo bundles many self-contained Node.js scripts that use only built-in APIs. This is lower install risk than fetching remote archives, but the package includes 100+ script files that would be written to disk when the skill is added — review them before executing. The mismatch between 'instruction-only' and the actual included code files is also noteworthy but not inherently malicious.
!
Credentials
The required environment access asserted by the SKILL.md — NOTIFYER_API_BASE_URL and NOTIFYER_API_TOKEN (JWT) and an optional NOTIFYER_CHAT_ORIGIN — is proportional to the described API integration. That said, the registry metadata claims no required envs/primary credential; this contradiction is suspicious and could lead to unexpected token usage. The scripts include a get-api-key.js to fetch a developer API key (used for Make/Zapier/n8n), which is expected for this product, but you should treat any retrieval or storage of developer API keys carefully. No unrelated credentials were requested in the scripts themselves.
Persistence & Privilege
The skill is not marked always:true and does not request elevated or persistent platform privileges. Autonomous invocation (disable-model-invocation=false) is the platform default and not a unique risk here. There is no evidence the skill modifies other skills' configs or requests system-wide settings.
Scan Findings in Context
[system-prompt-override] unexpected: A prompt-injection pattern was detected in SKILL.md. For an integration script package, documentation should not contain instructions that attempt to override an agent's system prompt or tell the agent to ignore platform safeguards. Inspect SKILL.md for any 'do not follow previous instructions' or 'override system prompt' style text and remove or ignore such sections before enabling autonomous behavior.
What to consider before installing
What to check before installing or running this skill: - Confirm provenance: SKILL.md and clawhub.json reference a GitHub repo and api.insightssystem.com, but the registry metadata you were shown listed no homepage/source. Locate and inspect the upstream GitHub repository (https://github.com/Whatsable/whatsapp-business-agent-skills) and ensure it is the official source and has recent, sensible commits. - Inspect code before execution: the package bundles many Node.js scripts. Open and review scripts/lib/notifyer-api.js and any code that calls loadConfig/requestJson to ensure they only read the documented env vars and do not read unrelated files (e.g., ~/.ssh, ~/.bash_history) or attempt to exfiltrate data to unexpected domains. - Validate environment requirements: the SKILL.md requires NOTIFYER_API_BASE_URL (must be https://api.insightssystem.com per docs) and NOTIFYER_API_TOKEN (JWT). The registry metadata omitted these — do not trust the registry omission. Only provide the token if you trust the code and service. Prefer creating a scoped/test account/token when possible. - Search SKILL.md for prompt-injection content: because a 'system-prompt-override' pattern was flagged, remove or ignore any instructions in SKILL.md that try to alter agent/system prompts or tell the agent to ignore earlier instructions. - Least privilege & isolation: run scripts in an isolated environment (throwaway account, container, or VM) first. Do not export production-wide tokens into global shell startup files until you confirm behavior. - Developer API key caution: get-api-key.js can retrieve a developer API key for integrations — treat that key like any secret. If a script outputs or persists that key, ensure it is stored securely and not uploaded to third-party services. - If you need help: ask for a focused code review of specific files (e.g., notifyer-api.js, login.js, get-api-key.js) if you are not comfortable reading the code yourself. Bottom line: the code appears functionally consistent with a Notifyer integration, but the metadata inconsistencies and the prompt-injection signal make this package suspicious until you verify the upstream repository and review the SKILL.md and the key library files.
skills/automate-notifyer/scripts/lib/notifyer-api.js:31
Environment variable access combined with network send.
skills/chat-notifyer/scripts/add-note.js:59
Environment variable access combined with network send.
skills/chat-notifyer/scripts/assign-bot.js:54
Environment variable access combined with network send.
skills/chat-notifyer/scripts/assign-label.js:58
Environment variable access combined with network send.
skills/chat-notifyer/scripts/delete-scheduled.js:45
Environment variable access combined with network send.
skills/chat-notifyer/scripts/get-notes.js:57
Environment variable access combined with network send.
skills/chat-notifyer/scripts/lib/notifyer-api.js:31
Environment variable access combined with network send.
skills/chat-notifyer/scripts/list-recipients.js:63
Environment variable access combined with network send.
skills/chat-notifyer/scripts/remove-label.js:48
Environment variable access combined with network send.
skills/chat-notifyer/scripts/send-attachment.js:68
Environment variable access combined with network send.
skills/chat-notifyer/scripts/send-template.js:80
Environment variable access combined with network send.
skills/chat-notifyer/scripts/set-handoff.js:45
Environment variable access combined with network send.
skills/chat-notifyer/scripts/update-recipient.js:57
Environment variable access combined with network send.
skills/setup-notifyer/scripts/lib/notifyer-api.js:31
Environment variable access combined with network send.
!
skills/automate-notifyer/scripts/create-broadcast.js:136
File read combined with network send (possible exfiltration).
!
skills/chat-notifyer/scripts/send-attachment.js:61
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97513aekhkt9r508y0x78g6n185djwp
0downloads
0stars
2versions
Updated 15m ago
v1.0.2
MIT-0
@whatsable
latest
Download

Notifyer Agent Skills

Agent skills for Notifyer by WhatsAble — three phases that together cover the full platform: account setup, automation infrastructure, and live chat operations. Scripts are self-contained Node.js 18+ files with no external npm dependencies.

Source repository: https://github.com/Whatsable/whatsapp-business-agent-skills

Phase overview

PhaseSkill folderCoverage
1skills/setup-notifyerAccount, login, WhatsApp connection, plans, team, labels, API key
2skills/automate-notifyerTemplates, AI bots, broadcasts, analytics, webhooks
3skills/chat-notifyerRecipients, messaging, labels, handoff, scheduling, notes

Each phase depends on the one before it. Obtain NOTIFYER_API_TOKEN from Phase 1 (skills/setup-notifyer/scripts/login.js) before using Phase 2 or Phase 3.

Environment variables

VariableRequiredDescription
NOTIFYER_API_BASE_URLyesAPI base URL — use https://api.insightssystem.com
NOTIFYER_API_TOKENyesJWT token from setup-notifyer/scripts/login.js
NOTIFYER_CHAT_ORIGINnoCORS Origin override for Phase 3 chat endpoints (default: https://chat.notifyer-systems.com)
export NOTIFYER_API_BASE_URL="https://api.insightssystem.com"
export NOTIFYER_API_TOKEN="<jwt-from-login.js>"

NOTIFYER_API_BASE_URL must start with https:// — all three skill sets enforce this at startup and exit immediately on a non-HTTPS value to prevent token exposure.

Authentication modes

ModeHeader formatUsed by
ConsoleAuthorization: Bearer <token>Phase 1, Phase 2, and most Phase 3 scripts
ChatAuthorization: <token> (no Bearer prefix)Phase 3 chat endpoints, Phase 1 label endpoints
DeveloperAuthorization: <api_key> (no Bearer prefix)External tools (Make / Zapier / n8n) via get-api-key.js

The same JWT token (NOTIFYER_API_TOKEN) works for both Console and Chat modes. notifyer-api.js selects the correct header format automatically per endpoint.

Phase 1 — setup-notifyer

Scripts live in skills/setup-notifyer/scripts/.

Start here. Login to get NOTIFYER_API_TOKEN, then verify the workspace is ready with doctor.js before running Phase 2 or Phase 3 scripts.

Key commands

# Create a new account
node skills/setup-notifyer/scripts/create-account.js \
  --name "Jane Smith" --email jane@company.com \
  --password "Secure@123" --phone 14155550123

# Login and export the token
node skills/setup-notifyer/scripts/login.js \
  --email jane@company.com --password "Secure@123"
export NOTIFYER_API_TOKEN="<authToken from above>"

# Pre-flight health check (validates URL, token, WhatsApp connection, plan)
node skills/setup-notifyer/scripts/doctor.js --pretty

# Check WhatsApp connection status
node skills/setup-notifyer/scripts/get-connection-status.js --pretty

# List team members
node skills/setup-notifyer/scripts/list-members.js --pretty

# List workspace labels
node skills/setup-notifyer/scripts/list-labels.js --pretty

# Retrieve Developer API key (for Make / Zapier / n8n)
node skills/setup-notifyer/scripts/get-api-key.js --pretty

For the full Phase 1 script reference see skills/setup-notifyer/SKILL.md.

Phase 2 — automate-notifyer

Scripts live in skills/automate-notifyer/scripts/.

Requires: completed Phase 1 with NOTIFYER_API_TOKEN set, WhatsApp number connected, and (for bots and broadcasts) a Pro or Agency subscription.

Key commands

# Templates
node skills/automate-notifyer/scripts/list-templates.js --status approved --pretty
node skills/automate-notifyer/scripts/create-template.js \
  --name order_confirmation --category MARKETING \
  --body "Hello {{1}}, your order #{{2}} is confirmed." \
  --variables '{"1":"John","2":"12345"}'

# AI bots
node skills/automate-notifyer/scripts/list-bots.js --pretty
node skills/automate-notifyer/scripts/create-bot.js \
  --name "Support Bot" --mission "Help resolve support issues." \
  --tone "Friendly" --delay 3 --default

# Broadcasts
node skills/automate-notifyer/scripts/list-broadcasts.js --status upcoming --pretty
node skills/automate-notifyer/scripts/create-broadcast.js \
  --name "January Sale" --template-id 42 \
  --test-phone "+14155550123" \
  --recipients ./recipients.csv \
  --schedule "25/01/2025 14:00" \
  --delivery-mode smart

# Analytics
node skills/automate-notifyer/scripts/get-message-analytics.js --days 30 --pretty

# Webhooks
node skills/automate-notifyer/scripts/list-webhooks.js --type dev --pretty
node skills/automate-notifyer/scripts/create-webhook.js \
  --url "https://hook.eu2.make.com/abc" --incoming --outgoing --signature

For the full Phase 2 script reference see skills/automate-notifyer/SKILL.md.

Phase 3 — chat-notifyer

Scripts live in skills/chat-notifyer/scripts/.

Requires: completed Phase 1 with NOTIFYER_API_TOKEN set and WhatsApp number connected.

Phase 3 endpoints use Chat auth mode: Authorization: <token> (no Bearer prefix). The same JWT from login.js works — notifyer-api.js switches the header format automatically.

WhatsApp 24-hour messaging window

Free-text messages and attachments can only be sent within 24 hours of the recipient's last inbound message. Check recipient.expiration_timestamp to determine window state:

  • Window open (expiration_timestamp > Date.now()): text, template, and attachment sends are allowed
  • Window closed (null or past): template-only sends are allowed

Key commands

# List all active conversations
node skills/chat-notifyer/scripts/list-recipients.js --pretty

# Search for a contact
node skills/chat-notifyer/scripts/list-recipients.js --search "John" --pretty

# Get full recipient details (includes 24h window state)
node skills/chat-notifyer/scripts/get-recipient.js --phone 14155550123 --pretty

# Send a text message
node skills/chat-notifyer/scripts/send-text.js \
  --phone 14155550123 --text "Hello! How can I help?"

# Send a template message
node skills/chat-notifyer/scripts/send-template.js \
  --phone 14155550123 --template order_confirmation \
  --variables '{"1":"John","2":"12345"}'

# Send an attachment
node skills/chat-notifyer/scripts/send-attachment.js \
  --phone 14155550123 --file ./invoice.pdf --caption "Your invoice"

# Assign a label
node skills/chat-notifyer/scripts/assign-label.js \
  --phone 14155550123 --labels "Support,VIP"

# Control AI bot vs human handoff
node skills/chat-notifyer/scripts/set-handoff.js \
  --phone 14155550123 --handoff true   # true = human handles; false = bot handles

# Schedule a message
node skills/chat-notifyer/scripts/send-template.js \
  --phone 14155550123 --template order_confirmation \
  --variables '{"1":"John","2":"12345"}' \
  --schedule "2025-06-01T09:00:00"

# Add a note to a conversation
node skills/chat-notifyer/scripts/add-note.js \
  --phone 14155550123 --note "VIP customer — apply 15% discount"

# Get conversation history
node skills/chat-notifyer/scripts/get-conversation.js \
  --phone 14155550123 --pretty

For the full Phase 3 script reference see skills/chat-notifyer/SKILL.md.

Cross-phase usage notes

  • Run skills/setup-notifyer/scripts/doctor.js --pretty as a first step when troubleshooting any script failure. It validates base URL, token, WhatsApp connection, and plan status in one pass.
  • Phone numbers are always integers without the + prefix (e.g. 14155550123). Scripts strip the + automatically when it is supplied.
  • NOTIFYER_API_BASE_URL is validated at startup in every script. An http:// value is rejected immediately — HTTPS is required to prevent token exposure.
  • AI Bots and Broadcasts (Phase 2) require a Pro or Agency subscription. Verify plan status with get-user-plan.js before directing users to those features.
  • The WhatsApp initial connection (WABA embedded signup) cannot be scripted. A workspace admin must complete it once via the Notifyer console browser UI at console.notifyer-systems.com. After that, all connection management is scriptable.
  • Subscription and billing changes are browser-only Stripe flows. Direct users to https://console.notifyer-systems.com/pricing-plans for plan changes.

Security

  • Zero npm dependencies. All scripts use only Node.js built-in modules — no third-party packages, no supply chain risk.
  • Token handling. login.js prints the JWT to stdout by design so the agent can capture and export it. Treat it like a session cookie and avoid persisting it in unprotected logs.
  • Developer API key. get-api-key.js outputs the key to stdout and stderr. Store it in a secrets manager immediately. It is a long-lived credential that grants direct WhatsApp send access.
  • HTTPS enforcement. All scripts call loadConfig() which exits with an error if NOTIFYER_API_BASE_URL does not start with https://.

Repository structure

skills/
  setup-notifyer/          Phase 1 — account, auth, connection, team, labels
    SKILL.md
    scripts/
    references/
    assets/
  automate-notifyer/       Phase 2 — templates, bots, broadcasts, analytics, webhooks
    SKILL.md
    scripts/
    references/
    assets/
  chat-notifyer/           Phase 3 — recipients, messaging, handoff, scheduling, notes
    SKILL.md
    scripts/
    references/
    assets/

Each phase is also published separately on ClawHub as an individual skill (setup-notifyer, automate-notifyer, chat-notifyer) under the @whatsable namespace.

Comments

Loading comments...