ClawHub
Code PluginExecutes codesource-linked

WhatsApp

OpenClaw WhatsApp plugin powered by wacli for chat lookup, message search, diagnostics, backfill, and explicit sends

Community code plugin. Review compatibility and verification before install.
whatsapp · runtime id whatsapp
Install
openclaw plugins install clawhub:whatsapp
Latest Release
Version 0.1.1
Compatibility
{
  "builtWithOpenClawVersion": "2026.3.23-2",
  "pluginApiRange": ">=2026.3.23"
}
Capabilities
{
  "bundledSkills": [],
  "capabilityTags": [
    "executes-code"
  ],
  "channels": [],
  "commandNames": [],
  "configSchema": true,
  "configUiHints": false,
  "executesCode": true,
  "hooks": [],
  "httpRouteCount": 0,
  "materializesDependencies": false,
  "providers": [],
  "runtimeId": "whatsapp",
  "serviceNames": [],
  "setupEntry": false,
  "toolNames": []
}
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, openclaw.plugin.json, and source code consistently implement a wacli-backed WhatsApp toolset (chat list, message search, backfill, diagnostics, send). The config options (wacliPath, storePath, confirmation flags, limits) are appropriate for this purpose.
Instruction Scope
SKILL.md instructs the agent to use the local wacli CLI, to run wacli auth/sync in the user’s terminal, and to require explicit confirmation before sending. The runtime code only executes the wacli binary with controlled args and returns parsed output; it does not read unrelated system files or environment variables.
Install Mechanism
There is no opaque network download. The skill recommends installing wacli via Homebrew or Go (both declared in the skill metadata), which is proportionate and traceable for a CLI integration. The plugin itself ships only JS/TS artifacts and tests.
Credentials
No environment variables or external credentials are requested. Only local configuration options (wacliPath, storePath) are used, which are necessary and sufficient for locating the wacli binary and data store.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not modify other skills or system-wide configs. It runs the local wacli binary when invoked.
Assessment
This plugin is internally consistent: it runs your local wacli binary to access WhatsApp data and send messages. Before installing, verify you trust the wacli implementation (install from the official source), ensure you've run wacli auth interactively, and keep requireExplicitSendConfirmation enabled so the agent cannot send messages without your explicit confirm=true. Remember that the plugin can only be as safe as the local wacli binary and the data in ~/.wacli—if an attacker can replace that binary or that store, they could abuse these tools.
Verification
{
  "hasProvenance": false,
  "scanStatus": "clean",
  "scope": "artifact-only",
  "sourceCommit": "4eef5ed",
  "sourceRepo": "clawic/plugins",
  "sourceTag": "main",
  "summary": "Validated package structure and linked the release to source metadata.",
  "tier": "source-linked"
}
Tags
{
  "latest": "0.1.1"
}

WhatsApp Plugin

OpenClaw plugin for working with WhatsApp through the local wacli CLI.

It exposes real tools for operational messaging, history search, diagnostics, and backfill. It is not for normal back-and-forth chats with the user.

Requirements

Install wacli locally, then authenticate once:

brew install steipete/tap/wacli
wacli auth

Keep sync running when you want continuous indexing:

wacli sync --follow

Config

{
  plugins: {
    entries: {
      whatsapp: {
        enabled: true,
        config: {
          wacliPath: "/opt/homebrew/bin/wacli",
          storePath: "~/.wacli",
          requireExplicitSendConfirmation: true,
          defaultChatListLimit: 20,
          defaultMessageSearchLimit: 20,
        },
      },
    },
  },
}

wacliPath is optional if wacli is already on PATH.

Tools

  • whatsapp_chats_list
  • whatsapp_messages_search
  • whatsapp_history_backfill
  • whatsapp_doctor
  • whatsapp_send_text
  • whatsapp_send_file

Usage

After enabling whatsapp, ask for things like:

  • Search my WhatsApp history for "invoice" after 2025-01-01.
  • Find the JID for the Project Alpha group and backfill older messages.
  • Send a WhatsApp message to +14155551212 saying that the files are ready.
  • Send /tmp/agenda.pdf to the team group with caption "Agenda".

The send tools require confirm=true by default so the agent cannot send a real message without an explicit confirmation step.