Getting OpenClaw to reply on WhatsApp is easy. Keeping it stable for weeks, keeping it private and not waking up to “account restricted” is where people get stuck.
This article is the production side of WhatsApp integration. It assumes you already linked WhatsApp once using a QR code. If you haven’t, start with “Connect OpenClaw to WhatsApp with a QR code”.
Once WhatsApp is connected, the real work is keeping it stable and safe: limit who can message the bot, protect the gateway and treat session credentials like passwords.
What does “production” mean for a WhatsApp + OpenClaw setup?
Production can mean two things:
- You rely on it day to day and you don’t want random breakage
- You care about privacy and you don’t want one bad message to turn into a bad day
WhatsApp integration can be fragile because it depends on the WhatsApp Web protocol. That is why the controls around it matter more than they do for Telegram.
Phone number strategy that saves you later
If you only remember one thing from this guide, make it this: separate identities.
Use a dedicated number if you can
A dedicated number isolates risk. If you get flagged you don’t lose your personal account. It also keeps your personal chats far away from a tool that can store logs and messages on disk.
Avoid “sketchy” numbers
WhatsApp frequently blocks virtual or recycled numbers. Use a real SIM or eSIM from a normal carrier. You want the boring path.
WhatsApp rules and what triggers enforcement
WhatsApp is clear that bulk or automated messaging violates their rules. They publish a plain-English warning about this in their help center: “Unauthorized use of automated or bulk messaging”.
In practice, the behavior that gets accounts flagged tends to look like spam:
- Messaging lots of new contacts fast
- Sending repetitive messages at high volume
- Getting reported by users
Personal assistant usage is a different profile than outbound messaging. If your setup is “me talking to my agent” you’re in a calmer zone.
Lock access down at the channel level
The easiest mistake is assuming “if it’s linked then it’s private”. It’s not. You still have to control who can command your agent.
Start with pairing and allowlists. Keep them even after it’s working.
    {
      "channels": {
        "whatsapp": {
          "enabled": true,
          "dmPolicy": "allowlist",
          "allowFrom": ["+15551234567"]
        }
      }
    }
If you run a team bot, use a small allowlist and expand slowly. It’s boring and that’s the point.
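An added example (not OpenClaw's own code) that audits the channels.whatsapp block shown above: it reports a dmPolicy other than "allowlist", an empty allowlist, and entries that are not full E.164 numbers. The function name, the MAX_SENDERS threshold and both sample configs are assumptions made for illustration.

```javascript
// Added example: audit the channels.whatsapp block from the config above.
// Assumption: any dmPolicy other than "allowlist" is reported, because that is
// the only value the page documents. MAX_SENDERS is a hypothetical review threshold.
const E164 = /^\+[1-9]\d{6,14}$/; // "+" then 7 to 15 digits, no spaces or wildcards
const MAX_SENDERS = 10;

function auditWhatsAppChannel(config) {
  const findings = [];
  const wa = config?.channels?.whatsapp;
  if (!wa || wa.enabled !== true) return findings; // channel disabled: nothing to audit

  if (wa.dmPolicy !== "allowlist") {
    findings.push(`dmPolicy is ${JSON.stringify(wa.dmPolicy)}, expected "allowlist"`);
  }
  if (!Array.isArray(wa.allowFrom) || wa.allowFrom.length === 0) {
    findings.push("allowFrom is missing or empty");
    return findings;
  }
  const seen = new Set();
  for (const entry of wa.allowFrom) {
    if (typeof entry !== "string" || !E164.test(entry)) {
      findings.push(`allowFrom entry ${JSON.stringify(entry)} is not a full E.164 number`);
    } else if (seen.has(entry)) {
      findings.push(`allowFrom entry ${entry} is duplicated`);
    }
    seen.add(entry);
  }
  if (wa.allowFrom.length > MAX_SENDERS) {
    findings.push(`allowFrom has ${wa.allowFrom.length} senders, review threshold is ${MAX_SENDERS}`);
  }
  return findings;
}

// Constructed sample configs (not taken from a real deployment).
const pageConfig = JSON.parse(`{
  "channels": { "whatsapp": { "enabled": true, "dmPolicy": "allowlist",
                              "allowFrom": ["+15551234567"] } }
}`);
const driftedConfig = { // "open" and "*" are constructed values for the drift case
  channels: { whatsapp: { enabled: true, dmPolicy: "open",
                          allowFrom: ["*", "15551234567", "+15551234567", "+15551234567"] } },
};

console.log(auditWhatsAppChannel(pageConfig));
console.log(auditWhatsAppChannel(driftedConfig));
```

Running a check like this before each gateway restart catches allowlist drift before an unexpected sender does.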
Protect the gateway like it’s an admin panel
If your gateway is reachable from the public internet you are inviting scans. A public port is not “maybe risky”, it’s “sooner or later”.
The baseline hardening steps are covered in How to host OpenClaw securely on a VPS. The most important pieces for WhatsApp users are:
- Bind gateway to 127.0.0.1
- Firewall denies everything except what you need
- Gateway auth is enabled
If you’re remote-managing a VPS, SSH port forwarding is still one of the cleanest options because it exposes nothing publicly. Our KB guide covers the flow end to end: “OpenClaw quickstart onboarding over SSH”.
Dependency hygiene matters more than you think
OpenClaw’s WhatsApp integration is built on Baileys. Baileys itself is solid, but the Node ecosystem gets targeted with lookalike packages.
In late 2025 researchers reported a malicious npm package that mimicked Baileys behavior and stole WhatsApp tokens and messages. If you install WhatsApp tooling casually, you can get burned (see the report on the malicious Baileys fork).
Practical habits that help:
- Pin dependencies where you can
- Install from the expected package scope and double-check the name before you hit Enter
- Keep the OpenClaw install path clean and avoid random “one-liner” scripts from strangers
Protect your memory and logs
WhatsApp messages can end up in logs, memory files and session state depending on how you configured OpenClaw. That’s a feature until it contains something sensitive you didn’t mean to store.
If you want a clear mental model for what gets written to disk and how to control it, read OpenClaw memory explained. The short version is: memory is editable so take advantage of that. Trim it and don’t let it become a junk drawer.
Common production failures and what to do
WhatsApp disconnects after a day
Check Linked Devices on the phone. You may need to re-link if the session is revoked. Also confirm your VPS clock is correct because auth handshakes hate clock drift.
Everything works then breaks after an update
This is the WhatsApp Web protocol reality. Keep an eye on Baileys release notes and be conservative about updating on a Friday evening.
Someone can message the bot who shouldn’t
Assume your allowlist is wrong, then fix it. Don’t debate it. Lock it down first and re-open later.

