whatsapp-automation-a2a

✓Verified·Scanned 2/17/2026

This skill provides WhatsApp automation and A2A tooling for sessions, messaging, AI replies, and reviews. It reads MOLTFLOW_API_KEY from the environment and makes network calls to https://api.moltflow.com and https://apiv2.waiflow.app.

from clawhub.ai·v2e478d3·43.8 KB·0 installs

Scanned from 1.5.0 at 2c0ce33 · Transparency log ↗

$ vett add clawhub.ai/alex-tradequo/whatsapp-automation-a2a

WhatsApp Automation & A2A

MoltFlow provides a complete WhatsApp automation API with managed sessions, messaging, group monitoring, labels, anti-spam rules, content safeguards, AI-powered replies, auto-feedback collection, lead management, and agent-to-agent communication.

When to use

Use this skill when you need to:

Connect and manage WhatsApp sessions (QR pairing, start/stop)
Send text messages, list chats, read message history
Monitor groups for leads or keywords
Manage contact labels (WhatsApp Business sync)
Configure anti-spam rules (rate limits, duplicate blocking, pattern filters)
Set up content safeguards (block secrets, PII, prompt injection)
Train style profiles and generate AI replies
Collect feedback via sentiment analysis (14+ languages)
Export testimonials (JSON/HTML)
Discover and message other AI agents (A2A JSON-RPC 2.0)
Manage encryption keys (X25519-AES256GCM)
Manage API keys, usage tracking, billing (Stripe)

Use cases

Personal automation:

Auto-reply to WhatsApp messages while you're busy (AI learns your tone)
Forward important group mentions to a private chat
Schedule follow-up messages to contacts after meetings
Collect and organize customer testimonials from group conversations

Business & lead management:

Monitor industry groups for purchase-intent keywords ("looking for", "need help with")
Auto-label new leads as VIP/Hot/Cold based on message sentiment
Route group-detected leads to your sales team via labels
Run feedback collectors across all chats — auto-approve positive reviews for your website

Agent-to-Agent (A2A):

Build a support agent that escalates complex tickets to a human agent over A2A
Connect your booking agent with a payment agent — encrypted end-to-end
Create a multi-agent pipeline: lead detection → qualification → outreach → follow-up
Let two businesses' agents negotiate and exchange data securely (X25519-AES256GCM)
Resolve any WhatsApp number to check if they run a MoltFlow agent, then message directly

Safety & compliance:

Block outgoing messages containing API keys, credit cards, or SSNs automatically
Set rate limits to prevent accidental spam (typing indicators + random delays built-in)
Create custom regex rules to flag sensitive content before it leaves your account
Test any message against your full policy stack before sending

Setup

Free tier available — 1 session, 50 messages/month, no credit card required. Sign up at https://molt.waiflow.app/register

Env vars:

MOLTFLOW_API_KEY (required) — API key from waiflow.app dashboard
MOLTFLOW_API_URL (optional) — defaults to https://apiv2.waiflow.app

Authentication: X-API-Key: $MOLTFLOW_API_KEY header or Authorization: Bearer $TOKEN (JWT from login).

Base URL: https://apiv2.waiflow.app/api/v2

1. Sessions

# List all sessions
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/sessions

# Create new session
curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "Main Line"}' \
  https://apiv2.waiflow.app/api/v2/sessions

# Get session details
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/sessions/{session_id}

# Delete session
curl -X DELETE -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/sessions/{session_id}

Endpoint	Method	Description
`/sessions`	GET	List sessions
`/sessions`	POST	Create session
`/sessions/{id}`	GET	Get session details
`/sessions/{id}`	DELETE	Delete session

2. Messages

# Send text message
curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"session_id": "uuid", "chat_id": "1234567890@c.us", "message": "Hello!"}' \
  https://apiv2.waiflow.app/api/v2/messages/send

# List chats for a session
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/messages/chats/{session_id}

# Get chat messages
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/messages/chat/{session_id}/{chat_id}

Endpoint	Method	Description
`/messages/send`	POST	Send text message
`/messages/send/poll`	POST	Send poll (question + options)
`/messages/send/sticker`	POST	Send sticker (WebP URL or base64)
`/messages/send/gif`	POST	Send GIF (MP4 URL or base64)
`/messages/chats/{session_id}`	GET	List chats
`/messages/chat/{session_id}/{chat_id}`	GET	Get messages in chat
`/messages/{message_id}`	GET	Get single message

3. Groups

# List monitored groups
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/groups

# List available WhatsApp groups
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/groups/available/{session_id}

# Add group to monitor
curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"session_id": "uuid", "wa_group_id": "123456@g.us", "monitor_mode": "first_message"}' \
  https://apiv2.waiflow.app/api/v2/groups

# Update monitoring settings
curl -X PATCH -H "X-API-Key: $MOLTFLOW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"monitor_mode": "keyword", "monitor_keywords": ["looking for", "need help"]}' \
  https://apiv2.waiflow.app/api/v2/groups/{group_id}

Endpoint	Method	Description
`/groups`	GET	List monitored groups
`/groups/available/{session_id}`	GET	List available WhatsApp groups
`/groups`	POST	Add group to monitoring
`/groups/create`	POST	Create new WhatsApp group
`/groups/{id}`	GET	Get group details
`/groups/{id}`	PATCH	Update monitoring settings
`/groups/{id}`	DELETE	Remove from monitoring
`/groups/{wa_group_id}/participants/add`	POST	Add members to group
`/groups/{wa_group_id}/participants/remove`	POST	Remove members from group
`/groups/{wa_group_id}/admin/promote`	POST	Promote to admin
`/groups/{wa_group_id}/admin/demote`	POST	Demote from admin

4. Labels

# Create label (color must be hex #RRGGBB)
curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "VIP", "color": "#00FF00"}' \
  https://apiv2.waiflow.app/api/v2/labels

# Sync label to WhatsApp Business
curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
  "https://apiv2.waiflow.app/api/v2/labels/{label_id}/sync?session_id={session_id}"

# Import labels from WhatsApp Business
curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
  "https://apiv2.waiflow.app/api/v2/labels/sync-from-whatsapp?session_id={session_id}"

Endpoint	Method	Description
`/labels`	GET	List labels
`/labels`	POST	Create label
`/labels/business-check`	GET	Check WhatsApp Business status
`/labels/{id}`	GET / PATCH / DELETE	Get, update, delete label
`/labels/{id}/sync`	POST	Sync to WhatsApp Business
`/labels/sync-from-whatsapp`	POST	Import from WhatsApp

5. Anti-Spam Rules

# Get anti-spam settings
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/antispam/settings

# Update anti-spam settings
curl -X PUT -H "X-API-Key: $MOLTFLOW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"enabled": true, "rate_limit": 60, "rate_limit_window": 60, "block_duplicates": true, "auto_block_spammers": true, "max_violations": 5}' \
  https://apiv2.waiflow.app/api/v2/antispam/settings

# Create spam filter rule (actions: block, flag, delay)
curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"pattern": "buy now|limited offer", "action": "block", "enabled": true}' \
  https://apiv2.waiflow.app/api/v2/antispam/rules

# Update rule
curl -X PUT -H "X-API-Key: $MOLTFLOW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"pattern": "buy now|limited offer|act fast", "action": "flag", "enabled": true}' \
  https://apiv2.waiflow.app/api/v2/antispam/rules/{rule_id}

# Delete rule
curl -X DELETE -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/antispam/rules/{rule_id}

# Get spam statistics
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/antispam/stats

Endpoint	Method	Description
`/antispam/settings`	GET	Get anti-spam settings
`/antispam/settings`	PUT	Update settings (rate limit, duplicate blocking, auto-block)
`/antispam/rules`	POST	Create spam filter rule
`/antispam/rules/{id}`	PUT	Update rule
`/antispam/rules/{id}`	DELETE	Delete rule
`/antispam/stats`	GET	Spam statistics (blocked, flagged, violations)

Rule actions: block (drop message), flag (mark for review), delay (add cooldown)

Settings fields: enabled, rate_limit (msgs/window), rate_limit_window (seconds), block_duplicates, duplicate_window, auto_block_spammers, max_violations

6. Safeguards — Content Policy

# Get content policy settings
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/a2a-policy/settings

# Update content policy
curl -X PUT -H "X-API-Key: $MOLTFLOW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"block_api_keys": true, "block_credit_cards": true, "block_ssn": true, "block_emails": false, "max_message_length": 4096}' \
  https://apiv2.waiflow.app/api/v2/a2a-policy/settings

# View built-in safeguard patterns (prompt injection, secrets, PII)
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/a2a-policy/safeguards

# Create custom blocking rule
curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"pattern": "sk-[a-zA-Z0-9]{48}", "description": "Block OpenAI API keys"}' \
  https://apiv2.waiflow.app/api/v2/a2a-policy/rules

# Toggle rule on/off
curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/a2a-policy/rules/{rule_id}/toggle

# Delete custom rule
curl -X DELETE -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/a2a-policy/rules/{rule_id}

# Test content against all policies
curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"content": "My API key is sk-abc123"}' \
  https://apiv2.waiflow.app/api/v2/a2a-policy/test

# Get blocking statistics
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/a2a-policy/stats

# Reset policy to defaults
curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/a2a-policy/reset

Endpoint	Method	Description
`/a2a-policy/settings`	GET / PUT	Get or update content policy
`/a2a-policy/safeguards`	GET	View built-in safeguard patterns
`/a2a-policy/rules`	POST	Create custom blocking rule
`/a2a-policy/rules/{id}`	DELETE	Delete custom rule
`/a2a-policy/rules/{id}/toggle`	POST	Toggle rule on/off
`/a2a-policy/test`	POST	Test content against policies
`/a2a-policy/stats`	GET	Blocking statistics
`/a2a-policy/reset`	POST	Reset to defaults

Built-in safeguards: prompt injection detection, secret patterns (API keys, tokens, private keys), PII patterns (SSN, credit cards, bank accounts)

Policy fields: block_api_keys, block_passwords, block_tokens, block_private_keys, block_ssn, block_credit_cards, block_bank_accounts, block_phone_numbers, block_emails, max_message_length, max_urls_per_message, min_trust_level, log_blocked

7. AI — Style Profiles

# Train style profile from message history
curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
  -d '{"contact_id": "optional-contact-jid"}' \
  https://apiv2.waiflow.app/api/v2/ai/style/train

# Check training status
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/ai/style/status/{task_id}

# Get / list / delete style profiles
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/ai/style/profiles

8. AI — Reply Generation

# Generate AI reply (uses style profile)
curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
  -d '{"contact_id": "jid", "context": "customer question", "apply_style": true}' \
  https://apiv2.waiflow.app/api/v2/ai/ai/generate-reply

# Preview AI reply (no usage tracking)
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  "https://apiv2.waiflow.app/api/v2/ai/ai/preview?contact_id=jid&context=question&apply_style=true"

AI API Reference

Endpoint	Method	Description
`/ai/style/train`	POST	Train style profile
`/ai/style/status/{task_id}`	GET	Training status
`/ai/style/profile`	GET	Get style profile
`/ai/style/profiles`	GET	List all profiles
`/ai/style/profile/{id}`	DELETE	Delete profile
`/ai/ai/generate-reply`	POST	Generate AI reply
`/ai/ai/preview`	GET	Preview reply (no tracking)

9. A2A — Agent-to-Agent Protocol

Requires Business plan. Uses JSON-RPC 2.0 over HTTPS with X25519-AES256GCM encryption.

Bootstrap & encryption

# Get full configuration
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/agent/bootstrap

# Get your public key (auto-generates if none)
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/agent/public-key

# Rotate keypair
curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/agent/rotate-keys

Discover agents

# Resolve phone to MoltFlow agent
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/agents/resolve/+1234567890

# List peers
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/agents/peers

# Update trust level (discovered, verified, blocked)
curl -X PATCH -H "X-API-Key: $MOLTFLOW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"trust_level": "verified"}' \
  https://apiv2.waiflow.app/api/v2/agents/peers/{peer_id}/trust

Send A2A messages (JSON-RPC 2.0)

curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "method": "agent.message.send",
    "params": {
      "phone": "+1234567890",
      "message": {"parts": [{"text": "Hello from my agent!"}]}
    },
    "id": "1"
  }' \
  https://apiv2.waiflow.app/api/v2/a2a

A2A API Reference

Endpoint	Method	Description
`/agent/bootstrap`	GET	Full onboarding config
`/agent/public-key`	GET	Get X25519 public key
`/agent/rotate-keys`	POST	Rotate keypair
`/agent/peer/{tenant_id}/public-key`	GET	Peer's public key
`/agents/resolve/{phone}`	GET	Resolve phone to agent
`/agents/peers`	GET	List discovered peers
`/agents/peers/{id}/trust`	PATCH	Update trust level
`/a2a`	POST	JSON-RPC 2.0 endpoint

JSON-RPC methods: agent.message.send, group.getContext, agent.group.create, agent.group.invite, agent.group.list, webhook_manager

Trust levels: discovered → verified → blocked

Encryption: X25519-AES256GCM, ECDH key exchange, HKDF-SHA256, 32-byte keys (base64)

10. Reviews — Feedback Collection & Testimonials

# Create review collector
curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
  -d '{
    "name": "Customer Feedback",
    "session_id": "uuid-of-whatsapp-session",
    "source_type": "groups",
    "min_positive_words": 3,
    "min_sentiment_score": 0.6,
    "include_keywords": ["great", "excellent"],
    "languages": []
  }' \
  https://apiv2.waiflow.app/api/v2/reviews/collectors

# Trigger manual scan
curl -X POST -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/reviews/collectors/{id}/run

# List reviews
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  "https://apiv2.waiflow.app/api/v2/reviews?approved_only=false&limit=50"

# Approve review
curl -X PATCH -H "X-API-Key: $MOLTFLOW_API_KEY" \
  -d '{"is_approved": true}' \
  https://apiv2.waiflow.app/api/v2/reviews/{id}

# Export testimonials as HTML
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  "https://apiv2.waiflow.app/api/v2/reviews/testimonials/export?format=html"

Reviews API Reference

Endpoint	Method	Description
`/reviews/collectors`	GET/POST	List/create collectors
`/reviews/collectors/{id}`	GET/PATCH/DELETE	Manage collector
`/reviews/collectors/{id}/run`	POST	Trigger scan
`/reviews`	GET	List reviews
`/reviews/stats`	GET	Review statistics
`/reviews/{id}`	GET/PATCH/DELETE	Manage review
`/reviews/testimonials/export`	GET	Export (format=json/html)

Supported languages (14+): English, Spanish, Portuguese, French, German, Italian, Dutch, Russian, Arabic, Hebrew, Chinese, Japanese, Korean, Hindi, Turkish

Collector fields: name, session_id, source_type (all/groups/chats/selected), min_positive_words (1-10), min_sentiment_score (0.0-1.0), include_keywords, exclude_keywords, languages

11. Auth & API Keys

# Login
curl -X POST -d '{"email": "user@example.com", "password": "..."}' \
  https://apiv2.waiflow.app/api/v2/auth/login

# Get current user
curl -H "Authorization: Bearer $TOKEN" \
  https://apiv2.waiflow.app/api/v2/auth/me

# Create API key
curl -X POST -H "Authorization: Bearer $TOKEN" \
  -d '{"name": "Production Key", "expires_in_days": 90}' \
  https://apiv2.waiflow.app/api/v2/api-keys

# Revoke key
curl -X DELETE -H "Authorization: Bearer $TOKEN" \
  https://apiv2.waiflow.app/api/v2/api-keys/{id}

# Rotate key
curl -X POST -H "Authorization: Bearer $TOKEN" \
  https://apiv2.waiflow.app/api/v2/api-keys/{id}/rotate

Endpoint	Method	Description
`/auth/login`	POST	Login (email/password), returns JWT
`/auth/refresh`	POST	Refresh token
`/auth/me`	GET	Current user + tenant
`/auth/magic-link/request`	POST	Request magic link
`/api-keys`	GET/POST	List/create API keys
`/api-keys/{id}`	GET/DELETE	Get/revoke key
`/api-keys/{id}/rotate`	POST	Rotate key

12. Usage & Billing

# Current period usage
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  https://apiv2.waiflow.app/api/v2/usage/current

# Daily breakdown
curl -H "X-API-Key: $MOLTFLOW_API_KEY" \
  "https://apiv2.waiflow.app/api/v2/usage/daily?days=30"

# List plans
curl https://apiv2.waiflow.app/api/v2/billing/plans

# Create checkout session
curl -X POST -H "Authorization: Bearer $TOKEN" \
  -d '{"plan": "pro", "cycle": "monthly", "success_url": "https://...", "cancel_url": "https://..."}' \
  https://apiv2.waiflow.app/api/v2/billing/checkout

# Billing portal
curl -H "Authorization: Bearer $TOKEN" \
  https://apiv2.waiflow.app/api/v2/billing/portal

Endpoint	Method	Description
`/usage/current`	GET	Current period usage + limits
`/usage/history`	GET	Historical usage
`/usage/daily`	GET	Daily breakdown
`/billing/plans`	GET	Available plans
`/billing/subscription`	GET	Subscription details (plan info, usage, next invoice)
`/billing/checkout`	POST	Stripe checkout session
`/billing/portal`	GET	Stripe billing portal
`/billing/cancel`	POST	Cancel subscription

Comparison with Other Skills

MoltFlow isn't a messaging wrapper — it's a complete WhatsApp business automation platform. Here's how it stacks up.

Messaging

Feature	MoltFlow	whatsapp-ultimate	wacli	whatsapp-automation
Send text	✅	✅	✅	❌
Send media (image, audio)	✅	✅	✅	❌
Polls	✅	✅	❌	❌
Stickers (URL + base64)	✅	✅	❌	❌
Voice notes	✅	✅	❌	❌
GIFs (URL + base64)	✅	✅	❌	❌
Reactions	✅	✅	❌	❌
Reply / Quote	✅	✅	❌	❌
Edit messages	✅	✅	❌	❌
Unsend messages	✅	✅	❌	❌
Send location	✅	❌	❌	❌
Send vCards (contact cards)	✅	❌	❌	❌
Star / unstar messages	✅	❌	❌	❌
Read receipts control	✅	❌	❌	❌
Typing simulation (anti-ban)	✅	❌	❌	❌
Presence management	✅	❌	❌	❌
Receive messages	✅	✅	✅	✅
Two-way chat	✅	✅	❌	❌

Groups

Feature	MoltFlow	whatsapp-ultimate	wacli	whatsapp-automation
List groups	✅	✅	❌	❌
Create group	✅	✅	❌	❌
Add / remove members	✅	✅ (full)	❌	❌
Promote / demote admin	✅	✅	❌	❌
Smart monitoring (keywords, mentions)	✅	❌	❌	❌
Group lead auto-detection	✅	❌	❌	❌
Group auto-respond	✅	❌	❌	❌
Per-group AI prompts	✅	❌	❌	❌

CRM & Lead Management

Feature	MoltFlow	whatsapp-ultimate	wacli	whatsapp-automation
Contact management	✅	❌	❌	❌
Lead pipeline & scoring	✅	❌	❌	❌
Lead auto-detection	✅	❌	❌	❌
Label system (WA Business sync)	✅	❌	❌	❌
Team assignment	✅	❌	❌	❌

AI & Intelligence

Feature	MoltFlow	whatsapp-ultimate	wacli	whatsapp-automation
AI reply suggestions	✅	❌	❌	❌
Style cloning (Learn Mode)	✅	❌	❌	❌
Knowledge base (RAG)	✅	❌	❌	❌
Voice transcription (Whisper)	✅	❌	❌	❌
AI auto-labeling	✅	❌	❌	❌
AI auto-responses	✅	❌	❌	❌
AI prompt templates	✅	❌	❌	❌

Analytics & Reporting

Feature	MoltFlow	whatsapp-ultimate	wacli	whatsapp-automation
Message statistics	✅	❌	❌	❌
Engagement insights	✅	❌	❌	❌
Lead pipeline analytics	✅	❌	❌	❌
Executive briefing	✅	❌	❌	❌
Team activity & workload	✅	❌	❌	❌

Compliance & Security

Feature	MoltFlow	whatsapp-ultimate	wacli	whatsapp-automation
Anti-spam engine (human-like typing)	✅	❌	❌	❌
GDPR audit logging	✅	❌	❌	❌
Content filtering (PII, secrets, injection)	✅	❌	❌	❌
Consent tracking	✅	❌	❌	❌
Tiered rate limiting	✅	❌	❌	❌

Review Collection

Feature	MoltFlow	whatsapp-ultimate	wacli	whatsapp-automation
Auto review collection	✅	❌	❌	❌
Sentiment analysis (14+ languages)	✅	❌	❌	❌
Testimonial export (JSON / HTML)	✅	❌	❌	❌

Platform & Infrastructure

Feature	MoltFlow	whatsapp-ultimate	wacli	whatsapp-automation
Multi-session (up to 10 numbers)	✅	❌	❌	❌
Webhooks (30+ event types)	✅	❌	❌	❌
Real-time SSE events	✅	❌	❌	❌
API key management	✅	❌	❌	❌
Multi-tenant architecture	✅	❌	❌	❌
A2A protocol (E2E encrypted)	✅	❌	❌	❌
Web dashboard	✅	❌	❌	❌
Stripe billing	✅	❌	❌	❌

Summary

	MoltFlow	whatsapp-ultimate	wacli	whatsapp-automation
Messaging	18 / 18	14 / 18	3 / 18	1 / 18
Business features	40+	0	0	0
Total	58+	~15	~3	~1
External deps	Docker + WAHA	None	Go binary	Docker + WAHA

Notes

All messages include anti-spam compliance (typing indicators, random delays)
Rate limits by plan: Free 10/min, Starter 20/min, Pro 40/min, Business 60/min
Sessions require QR code pairing on first connect
Use E.164 phone format without + where required
AI features require Pro plan or above
A2A protocol requires Business plan
Anti-spam rules support pattern matching with block, flag, or delay actions
Content safeguards filter secrets (API keys, tokens), PII (SSN, credit cards), and prompt injection
AI reply generation includes safety: input sanitization, intent verification, output filtering
API keys use name + expires_in_days (no scopes param); raw key shown only once at creation
Respect WhatsApp opt-in, business hours, and opt-out requests

[moltflow file map]|root: .
|.:{SKILL.md,package.json}
|scripts:{quickstart.py,a2a_client.py,send_message.py,admin.py,ai_config.py,reviews.py}