npm - @moltflow/skills - Versions diffs - 1.3.0 → 1.4.0 - Mend

@moltflow/skills 1.3.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/SKILL.md +130 -81
package/package.json +2 -2

package/SKILL.md CHANGED Viewed

@@ -1,12 +1,12 @@
 ---
 name: "WhatsApp Automation & A2A"
-description: "MoltFlow — complete WhatsApp automation platform: sessions, messaging, groups, labels, webhooks, AI-powered replies, auto-feedback collection, intention detection, lead management, anti-spam safeguards, agent-to-agent protocol (JSON-RPC, encryption), and configurable rules."
+description: "MoltFlow — complete WhatsApp automation platform: sessions, messaging, groups, labels, AI-powered replies, anti-spam rules, content safeguards, auto-feedback collection, intention detection, lead management, agent-to-agent protocol (JSON-RPC, encryption), and configurable policies."
 metadata: {"openclaw":{"emoji":"📱","homepage":"https://waiflow.app","requires":{"env":["MOLTFLOW_API_KEY"]},"primaryEnv":"MOLTFLOW_API_KEY"}}
 ---
 # WhatsApp Automation & A2A
-MoltFlow provides a complete WhatsApp automation API with managed sessions, group monitoring, AI-powered replies, auto-feedback collection, intention detection, lead management, and agent-to-agent communication.
+MoltFlow provides a complete WhatsApp automation API with managed sessions, messaging, group monitoring, labels, anti-spam rules, content safeguards, AI-powered replies, auto-feedback collection, lead management, and agent-to-agent communication.
 ## When to use
@@ -15,16 +15,42 @@ Use this skill when you need to:
 - Send text messages, list chats, read message history
 - Monitor groups for leads or keywords
 - Manage contact labels (WhatsApp Business sync)
-- Configure webhooks for real-time events
-- Transcribe voice messages (Whisper AI)
-- Manage RAG knowledge base (upload docs, semantic search)
+- Configure anti-spam rules (rate limits, duplicate blocking, pattern filters)
+- Set up content safeguards (block secrets, PII, prompt injection)
 - Train style profiles and generate AI replies
+- Collect feedback via sentiment analysis (14+ languages)
+- Export testimonials (JSON/HTML)
 - Discover and message other AI agents (A2A JSON-RPC 2.0)
 - Manage encryption keys (X25519-AES256GCM)
-- Collect reviews via sentiment analysis (14+ languages)
-- Export testimonials (JSON/HTML)
 - Manage API keys, usage tracking, billing (Stripe)
+## Use cases
+**Personal automation:**
+- Auto-reply to WhatsApp messages while you're busy (AI learns your tone)
+- Forward important group mentions to a private chat
+- Schedule follow-up messages to contacts after meetings
+- Collect and organize customer testimonials from group conversations
+**Business & lead management:**
+- Monitor industry groups for purchase-intent keywords ("looking for", "need help with")
+- Auto-label new leads as VIP/Hot/Cold based on message sentiment
+- Route group-detected leads to your sales team via labels
+- Run feedback collectors across all chats — auto-approve positive reviews for your website
+**Agent-to-Agent (A2A):**
+- Build a support agent that escalates complex tickets to a human agent over A2A
+- Connect your booking agent with a payment agent — encrypted end-to-end
+- Create a multi-agent pipeline: lead detection → qualification → outreach → follow-up
+- Let two businesses' agents negotiate and exchange data securely (X25519-AES256GCM)
+- Resolve any WhatsApp number to check if they run a MoltFlow agent, then message directly
+**Safety & compliance:**
+- Block outgoing messages containing API keys, credit cards, or SSNs automatically
+- Set rate limits to prevent accidental spam (typing indicators + random delays built-in)
+- Create custom regex rules to flag sensitive content before it leaves your account
+- Test any message against your full policy stack before sending
 ## Setup
 Env vars:
@@ -151,64 +177,117 @@ curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
 | `/labels/{id}/sync` | POST | Sync to WhatsApp Business |
 | `/labels/sync-from-whatsapp` | POST | Import from WhatsApp |
-## 5. Webhooks
+## 5. Anti-Spam Rules
 ```bash
-# List webhooks
+# Get anti-spam settings
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://apiv2.waiflow.app/api/v2/webhooks
+  https://apiv2.waiflow.app/api/v2/antispam/settings
+# Update anti-spam settings
+curl -X PUT -H "X-API-Key: $MOLTFLOW_API_KEY" \
+  -H "Content-Type: application/json" \
+  -d '{"enabled": true, "rate_limit": 60, "rate_limit_window": 60, "block_duplicates": true, "auto_block_spammers": true, "max_violations": 5}' \
+  https://apiv2.waiflow.app/api/v2/antispam/settings
-# Test webhook
+# Create spam filter rule (actions: block, flag, delay)
 curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://apiv2.waiflow.app/api/v2/webhooks/{webhook_id}/test
+  -H "Content-Type: application/json" \
+  -d '{"pattern": "buy now|limited offer", "action": "block", "enabled": true}' \
+  https://apiv2.waiflow.app/api/v2/antispam/rules
+# Update rule
+curl -X PUT -H "X-API-Key: $MOLTFLOW_API_KEY" \
+  -H "Content-Type: application/json" \
+  -d '{"pattern": "buy now|limited offer|act fast", "action": "flag", "enabled": true}' \
+  https://apiv2.waiflow.app/api/v2/antispam/rules/{rule_id}
+# Delete rule
+curl -X DELETE -H "X-API-Key: $MOLTFLOW_API_KEY" \
+  https://apiv2.waiflow.app/api/v2/antispam/rules/{rule_id}
+# Get spam statistics
+curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
+  https://apiv2.waiflow.app/api/v2/antispam/stats
 ```
 | Endpoint | Method | Description |
 |----------|--------|-------------|
-| `/webhooks` | GET | List webhooks |
-| `/webhooks` | POST | Create webhook |
-| `/webhooks/{id}` | GET / PATCH / DELETE | Get, update, delete |
-| `/webhooks/{id}/test` | POST | Send test payload |
+| `/antispam/settings` | GET | Get anti-spam settings |
+| `/antispam/settings` | PUT | Update settings (rate limit, duplicate blocking, auto-block) |
+| `/antispam/rules` | POST | Create spam filter rule |
+| `/antispam/rules/{id}` | PUT | Update rule |
+| `/antispam/rules/{id}` | DELETE | Delete rule |
+| `/antispam/stats` | GET | Spam statistics (blocked, flagged, violations) |
-**Webhook events:** `message.received`, `message.sent`, `message.delivered`, `message.read`, `lead.detected`, `session.connected`, `session.disconnected`, `group.message`
+**Rule actions:** `block` (drop message), `flag` (mark for review), `delay` (add cooldown)
----
+**Settings fields:** `enabled`, `rate_limit` (msgs/window), `rate_limit_window` (seconds), `block_duplicates`, `duplicate_window`, `auto_block_spammers`, `max_violations`
-## 6. AI — Voice Transcription
+## 6. Safeguards — Content Policy
 ```bash
-# Queue voice message for transcription
-curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  -d '{"message_id": "uuid-of-voice-message"}' \
-  https://apiv2.waiflow.app/api/v2/ai/voice/transcribe
-# Check transcription status
+# Get content policy settings
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://apiv2.waiflow.app/api/v2/ai/voice/status/{task_id}
+  https://apiv2.waiflow.app/api/v2/a2a-policy/settings
+# Update content policy
+curl -X PUT -H "X-API-Key: $MOLTFLOW_API_KEY" \
+  -H "Content-Type: application/json" \
+  -d '{"block_api_keys": true, "block_credit_cards": true, "block_ssn": true, "block_emails": false, "max_message_length": 4096}' \
+  https://apiv2.waiflow.app/api/v2/a2a-policy/settings
-# Get transcript
+# View built-in safeguard patterns (prompt injection, secrets, PII)
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://apiv2.waiflow.app/api/v2/ai/messages/{message_id}/transcript
-```
+  https://apiv2.waiflow.app/api/v2/a2a-policy/safeguards
-## 7. AI — Knowledge Base (RAG)
+# Create custom blocking rule
+curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
+  -H "Content-Type: application/json" \
+  -d '{"pattern": "sk-[a-zA-Z0-9]{48}", "description": "Block OpenAI API keys"}' \
+  https://apiv2.waiflow.app/api/v2/a2a-policy/rules
-```bash
-# Search knowledge base
+# Toggle rule on/off
 curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  -d '{"query": "return policy", "top_k": 5}' \
-  https://apiv2.waiflow.app/api/v2/ai/knowledge/search
+  https://apiv2.waiflow.app/api/v2/a2a-policy/rules/{rule_id}/toggle
-# List knowledge sources
+# Delete custom rule
+curl -X DELETE -H "X-API-Key: $MOLTFLOW_API_KEY" \
+  https://apiv2.waiflow.app/api/v2/a2a-policy/rules/{rule_id}
+# Test content against all policies
+curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
+  -H "Content-Type: application/json" \
+  -d '{"content": "My API key is sk-abc123"}' \
+  https://apiv2.waiflow.app/api/v2/a2a-policy/test
+# Get blocking statistics
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://apiv2.waiflow.app/api/v2/ai/knowledge/sources
+  https://apiv2.waiflow.app/api/v2/a2a-policy/stats
-# Delete knowledge source
-curl -X DELETE -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://apiv2.waiflow.app/api/v2/ai/knowledge/{source_id}
+# Reset policy to defaults
+curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
+  https://apiv2.waiflow.app/api/v2/a2a-policy/reset
 ```
-## 8. AI — Style Profiles (Learn Mode)
+| Endpoint | Method | Description |
+|----------|--------|-------------|
+| `/a2a-policy/settings` | GET / PUT | Get or update content policy |
+| `/a2a-policy/safeguards` | GET | View built-in safeguard patterns |
+| `/a2a-policy/rules` | POST | Create custom blocking rule |
+| `/a2a-policy/rules/{id}` | DELETE | Delete custom rule |
+| `/a2a-policy/rules/{id}/toggle` | POST | Toggle rule on/off |
+| `/a2a-policy/test` | POST | Test content against policies |
+| `/a2a-policy/stats` | GET | Blocking statistics |
+| `/a2a-policy/reset` | POST | Reset to defaults |
+**Built-in safeguards:** prompt injection detection, secret patterns (API keys, tokens, private keys), PII patterns (SSN, credit cards, bank accounts)
+**Policy fields:** `block_api_keys`, `block_passwords`, `block_tokens`, `block_private_keys`, `block_ssn`, `block_credit_cards`, `block_bank_accounts`, `block_phone_numbers`, `block_emails`, `max_message_length`, `max_urls_per_message`, `min_trust_level`, `log_blocked`
+---
+## 7. AI — Style Profiles
 ```bash
 # Train style profile from message history
@@ -225,30 +304,23 @@ curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
   https://apiv2.waiflow.app/api/v2/ai/style/profiles
 ```
-## 9. AI — Reply Generation
+## 8. AI — Reply Generation
 ```bash
-# Generate AI reply (uses RAG + style)
+# Generate AI reply (uses style profile)
 curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  -d '{"contact_id": "jid", "context": "customer question", "use_rag": true, "apply_style": true}' \
+  -d '{"contact_id": "jid", "context": "customer question", "apply_style": true}' \
   https://apiv2.waiflow.app/api/v2/ai/ai/generate-reply
 # Preview AI reply (no usage tracking)
 curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  "https://apiv2.waiflow.app/api/v2/ai/ai/preview?contact_id=jid&context=question&use_rag=true&apply_style=true"
+  "https://apiv2.waiflow.app/api/v2/ai/ai/preview?contact_id=jid&context=question&apply_style=true"
 ```
 ### AI API Reference
 | Endpoint | Method | Description |
 |----------|--------|-------------|
-| `/ai/voice/transcribe` | POST | Queue voice transcription |
-| `/ai/voice/status/{task_id}` | GET | Check transcription status |
-| `/ai/messages/{id}/transcript` | GET | Get transcript |
-| `/ai/knowledge/ingest` | POST | Ingest document |
-| `/ai/knowledge/search` | POST | Semantic search |
-| `/ai/knowledge/sources` | GET | List knowledge sources |
-| `/ai/knowledge/{id}` | DELETE | Delete source |
 | `/ai/style/train` | POST | Train style profile |
 | `/ai/style/status/{task_id}` | GET | Training status |
 | `/ai/style/profile` | GET | Get style profile |
@@ -259,7 +331,7 @@ curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
 ---
-## 10. A2A — Agent-to-Agent Protocol
+## 9. A2A — Agent-to-Agent Protocol
 **Requires Business plan.** Uses JSON-RPC 2.0 over HTTPS with X25519-AES256GCM encryption.
@@ -314,26 +386,6 @@ curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
   https://apiv2.waiflow.app/api/v2/a2a
 ```
-### Content policy
-```bash
-# Get policy settings
-curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  https://apiv2.waiflow.app/api/v2/a2a-policy/settings
-# Update policy
-curl -X PUT -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  -H "Content-Type: application/json" \
-  -d '{"block_api_keys": true, "block_credit_cards": true, "block_emails": false}' \
-  https://apiv2.waiflow.app/api/v2/a2a-policy/settings
-# Test content against policy
-curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
-  -H "Content-Type: application/json" \
-  -d '{"content": "My API key is sk-abc123"}' \
-  https://apiv2.waiflow.app/api/v2/a2a-policy/test
-```
 ### A2A API Reference
 | Endpoint | Method | Description |
@@ -346,10 +398,6 @@ curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
 | `/agents/peers` | GET | List discovered peers |
 | `/agents/peers/{id}/trust` | PATCH | Update trust level |
 | `/a2a` | POST | JSON-RPC 2.0 endpoint |
-| `/a2a-policy/settings` | GET/PUT | Get/update policy |
-| `/a2a-policy/rules` | POST | Add custom filter rule |
-| `/a2a-policy/test` | POST | Test content against policy |
-| `/a2a-policy/stats` | GET | Blocking statistics |
 **JSON-RPC methods:** `agent.message.send`, `group.getContext`, `agent.group.create`, `agent.group.invite`, `agent.group.list`, `webhook_manager`
@@ -359,7 +407,7 @@ curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
 ---
-## 11. Reviews — Sentiment Analysis & Testimonials
+## 10. Reviews — Feedback Collection & Testimonials
 ```bash
 # Create review collector
@@ -411,7 +459,7 @@ curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
 ---
-## 12. Auth & API Keys
+## 11. Auth & API Keys
 ```bash
 # Login
@@ -446,7 +494,7 @@ curl -X POST -H "Authorization: Bearer $TOKEN" \
 | `/api-keys/{id}` | GET/DELETE | Get/revoke key |
 | `/api-keys/{id}/rotate` | POST | Rotate key |
-## 13. Usage & Billing
+## 12. Usage & Billing
 ```bash
 # Current period usage
@@ -491,8 +539,9 @@ curl -H "Authorization: Bearer $TOKEN" \
 - Use E.164 phone format without `+` where required
 - AI features require Pro plan or above
 - A2A protocol requires Business plan
-- AI reply generation includes safety: input sanitization, intent verification, output filtering, PII/secrets detection
-- Content policy filters secrets (API keys, tokens) and PII (SSN, credit cards)
+- Anti-spam rules support pattern matching with block, flag, or delay actions
+- Content safeguards filter secrets (API keys, tokens), PII (SSN, credit cards), and prompt injection
+- AI reply generation includes safety: input sanitization, intent verification, output filtering
 - API keys use name + expires_in_days (no scopes param); raw key shown only once at creation
 - Respect WhatsApp opt-in, business hours, and opt-out requests

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@moltflow/skills",
-  "version": "1.3.0",
-  "description": "MoltFlow — complete WhatsApp automation platform: sessions, messaging, groups, AI, A2A protocol, reviews, billing.",
+  "version": "1.4.0",
+  "description": "MoltFlow — complete WhatsApp automation platform: sessions, messaging, groups, labels, anti-spam rules, safeguards, AI replies, feedback collection, A2A protocol.",
   "license": "MIT",
   "private": false,
   "files": [