From whatsup
Sends and receives WhatsApp messages, reacts to conversations, sets status, and polls for incoming messages via Baileys WebSocket client. Restricted to allowlisted contacts. Use when the user asks to send or read WhatsApp messages, monitor WhatsApp conversations, or automate WhatsApp communication.
npx claudepluginhub sshh12/claude-plugins --plugin whatsupThis skill uses the workspace's default tool permissions.
Run any command once to auto-create the `/tmp/whatsup` shortcut:
Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.
Guides building MCP servers enabling LLMs to interact with external services via tools. Covers best practices, TypeScript/Node (MCP SDK), Python (FastMCP).
Generates original PNG/PDF visual art via design philosophy manifestos for posters, graphics, and static designs on user request.
Run any command once to auto-create the /tmp/whatsup shortcut:
node "${SKILL_DIR}/scripts/whatsup.js" --help
Then use /tmp/whatsup for all subsequent commands. Prerequisites: Node.js 18+, a WhatsApp account on a phone.
whatsup operates a WhatsApp account via CLI commands. A persistent background daemon manages a Baileys WebSocket connection to WhatsApp's servers, and each CLI call sends an HTTP request to that daemon. All outbound messaging is restricted to an allowlist of approved contacts by default — an empty allowlist means zero messages can be sent.
The proxy auto-starts on first command and auto-shuts down after 1 hour idle.
If the user has not connected WhatsApp yet, walk them through the onboarding flow in references/ONBOARDING.md. The short version:
/tmp/whatsup auth login — generates QR code at /tmp/whatsup-qr.png/tmp/whatsup auth status — verify "connected": true~/.config/whatsup/config.json or WHATSUP_ALLOWLIST env var/tmp/whatsup server restart — pick up new config/tmp/whatsup send "+1234567890" "Hello!" — test sendUse the onboarding reference when: first-time setup, re-authentication after session expiry, allowlist configuration, or troubleshooting connection issues.
Poll -> Read -> Act -> Verify delivery
/tmp/whatsup poll --timeout 30
/tmp/whatsup read-chat <chatId> --limit 10
/tmp/whatsup send "+1234567890" "Got it, thanks!"
This poll-read-act loop is the core pattern. Every poll returns new messages with sender info, timestamps, and chat IDs for follow-up.
Full details for every command are in references/COMMANDS.md. Brief summary:
| Command | Description |
|---|---|
send | Send a text message |
send-media | Send image, video, audio, or document |
send-location | Send a GPS location pin |
send-contact | Share a contact card (vCard) |
send-poll | Create a poll in a chat |
| Command | Description |
|---|---|
react | Add emoji reaction to a message |
forward | Forward a message to another chat |
edit | Edit a previously sent message |
delete | Delete a sent message for everyone |
| Command | Description |
|---|---|
typing | Show typing indicator in a chat |
presence | Set online/offline presence |
| Command | Description |
|---|---|
poll | Poll for new incoming messages |
list-chats | List recent chats with metadata |
read-chat | Read message history for a chat |
contacts | List or search contacts |
search | Search messages across chats |
| Command | Description |
|---|---|
status | Set or view WhatsApp text status |
profile | View or update profile name/picture |
| Command | Description |
|---|---|
auth | Login, logout, check auth status |
server | Start, stop, restart, check daemon |
config | Show resolved configuration |
log | View daemon log output |
whatsup is locked down by default. See references/SECURITY.md for the full threat model and configuration details.
Key principles:
WHATSUP_ALLOWLIST can receive messages. Empty list = all sends blocked.<untrusted_user_message> tags to prevent prompt injection.~/.config/whatsup/audit.jsonl by default.These rules govern agent behavior when using whatsup:
send-media./tmp/whatsup server status before starting complex multi-step workflows.| Symptom | Diagnosis | Fix |
|---|---|---|
| Commands hang or timeout | Daemon down | /tmp/whatsup server status then /tmp/whatsup server restart |
AUTH_EXPIRED error | Session revoked | /tmp/whatsup auth login for a new QR code |
RATE_LIMITED error | Too many messages | Wait before retrying; check limits with /tmp/whatsup config |
NOT_ALLOWED error | Contact not in allowlist | Add number to WHATSUP_ALLOWLIST |
CONNECTION_LOST | Network issue | Daemon auto-reconnects; if persistent, /tmp/whatsup server restart |
Any CLI command auto-starts the daemon if it is not running, so explicit server start is rarely needed.
Set via environment variables (WHATSUP_*), .claude/whatsup.json (per-repo), or ~/.config/whatsup/config.json (user). Run /tmp/whatsup config to see resolved values.
| Variable | Default | Description |
|---|---|---|
WHATSUP_ALLOWLIST | "" (empty, all blocked) | Comma-separated E.164 phone numbers |
WHATSUP_PORT | 9226 | Daemon HTTP port |
WHATSUP_IDLE_TIMEOUT | 3600 | Auto-shutdown after N seconds idle |
WHATSUP_RATE_LIMIT | 30 | Max messages/minute per contact |
WHATSUP_RATE_LIMIT_TOTAL | 100 | Max messages/minute total |
WHATSUP_AUDIT_LOG | ~/.config/whatsup/audit.jsonl | Audit log path |
WhatsApp actively bans accounts for excessive or automated messaging. Built-in rate limits protect against accidental bans, but stay well within these guidelines:
The built-in rate limiter enforces per-contact and global limits automatically and returns RATE_LIMITED errors with retry-after hints when thresholds are hit.
references/ONBOARDING.md — step-by-step first-time setup, QR auth, allowlist config, troubleshootingreferences/COMMANDS.md — all flags, arguments, output fields, and examplesreferences/SECURITY.md — threat model, allowlist details, audit logging, session security