The Raq.com Team

How to Build Secure WhatsApp Agents with OpenClaw and Raq.com

Every Raq.com module is an MCP endpoint. That means an agent connected to Meal Planner can create actual recipes with ingredients and steps, slot them into a weekly plan, and generate a shopping list. An agent connected to CRM can file leads and set next actions. The output lives in a real system with UI, search, history, and export built in.

That's why OpenClaw and Raq.com fit together well. OpenClaw is the agent layer - it runs the AI and handles the WhatsApp conversation. Raq.com is the work layer - it gives the agent proper tools, proper permissions, and somewhere real for the output to live.

This is not anti general-purpose AI

Broad agents still matter - Claude Code and Codex are useful precisely because they can look across a wide surface area. But sometimes the best agent is one with a tiny job and a tiny keyring. A meal-planning agent shouldn't be able to touch your CRM. A receipt bot doesn't need your task board.

The architecture

Use Codex or Claude Code to build and audit a specialist OpenClaw agent, then let OpenClaw run that agent inside a single WhatsApp group, with the real work written into narrowly scoped Raq.com tools over MCP.

It's a two-layer setup. Codex or Claude Code writes the wrapper and audits the config. OpenClaw handles the live WhatsApp conversation once the rails are in place. The fiddly part is the setup, the repetitive part is the audit - let the coding agent do both.

The secure pattern

  1. One WhatsApp group per job.
  2. One OpenClaw agent per group.
  3. One Raq.com API token per agent, scoped to the exact modules it needs.
  4. One narrow local wrapper per agent, so the agent never sees the raw token and cannot improvise its own requests.
  5. One OpenClaw exec allowlist per agent, so it can run the wrapper and nothing else.

Three control points. Raq.com controls what the token can access. The wrapper controls which operations are exposed. OpenClaw controls which commands the agent can execute and which groups can reach it. If one layer is sloppy, the others still help.

How to set one up

1. Pick one narrow workflow

Don't start with "a personal assistant for everything." Pick one job: meal planning, receipt capture, business decisions, household item logging. The narrower it is, the easier it is to tell whether it's actually useful.

2. Create a dedicated Raq.com token

Raq.com tokens support per-module abilities. That's the first line of defence. A meal planning token gets read and write access to Meal Planner. Nothing else. A receipt token gets Receipt Extractor. A sales token gets CRM and Task Board.

You can also point the wrapper at a narrower MCP pack endpoint instead of the full tool list.

3. Put the token in a local credentials file

Each specialist keeps its Raq.com token and account ID in a local credentials file on the machine. The wrapper reads that file. The agent doesn't. The agent should know it can assign a meal to a slot. It shouldn't know the bearer token, the account ID, or how to hand-roll its own HTTP calls.

4. Write a narrow wrapper

This is where Codex or Claude Code is useful. Have it build a tiny wrapper script for the workflow. In practice, the wrappers are small scripts like:

skills/raq-meals/bin/meal-api
skills/raq-recall/bin/recall-api
skills/raq-health/bin/health-api

Those scripts post requests to the Raq.com MCP endpoint with the local token. The agent only sees the wrapper interface. That means the food agent can do things like:

skills/raq-meals/bin/meal-api list-recipes --search "bibimbap"
skills/raq-meals/bin/meal-api assign-slot --plan-id PLAN_ID --day monday --meal-type dinner --recipe-id RECIPE_ID

It can't suddenly browse your CRM because there's no CRM command in the wrapper.
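A sketch of what such a wrapper can look like, added here as an illustration and not taken from Raq.com's own code. The endpoint URL, the credentials file path and layout, and the MCP tool names are assumptions; the request body follows MCP's JSON-RPC tools/call shape.

```python
#!/usr/bin/env python3
"""Narrow wrapper sketch: only the subcommands in TOOLS exist; the token stays in a local file."""
import argparse, json, os, stat, sys, urllib.request

# Assumptions (not from Raq.com documentation): endpoint URL, credentials layout, tool names.
MCP_URL = "https://raq.example.invalid/mcp"              # placeholder endpoint
CREDS = os.path.expanduser("~/.config/raq/meals.json")   # assumed: {"token": "...", "account_id": "..."}
TOOLS = {  # subcommand -> (hypothetical MCP tool name, argument names it accepts)
    "list-recipes": ("meal_planner_list_recipes", ["search"]),
    "assign-slot": ("meal_planner_assign_slot", ["plan_id", "day", "meal_type", "recipe_id"]),
}

def load_creds(path=CREDS):
    """Read the credentials file, refusing one that group or other users can access."""
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        raise PermissionError(f"{path} must be mode 0600")
    with open(path) as fh:
        return json.load(fh)

def build_request(argv):
    """Parse argv against the fixed subcommand table and return a JSON-RPC tools/call body."""
    parser = argparse.ArgumentParser(prog="meal-api")
    sub = parser.add_subparsers(dest="cmd", required=True)
    for cmd, (_, fields) in TOOLS.items():
        p = sub.add_parser(cmd)
        for f in fields:
            p.add_argument("--" + f.replace("_", "-"), required=(cmd != "list-recipes"))
    ns = parser.parse_args(argv)  # an unknown subcommand or flag exits here with an error
    tool, fields = TOOLS[ns.cmd]
    args = {f: getattr(ns, f) for f in fields if getattr(ns, f) is not None}
    return {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
            "params": {"name": tool, "arguments": args}}

def main(argv):
    body = build_request(argv)   # validate the command before touching the token
    creds = load_creds()
    req = urllib.request.Request(MCP_URL, data=json.dumps(body).encode(), headers={
        "Authorization": "Bearer " + creds["token"], "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        print(resp.read().decode())  # only the tool result reaches the agent, never the token

if __name__ == "__main__":
    main(sys.argv[1:])
```

The agent can only choose among the subcommands in the table; the URL, the tool name and the bearer header are fixed by the script.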

5. Create a specialist OpenClaw workspace

Give the agent its own workspace: SOUL.md for personality, AGENTS.md for operating rules, TOOLS.md for the local environment, and a skills/ folder with the wrapper instructions. One workspace per specialist.

6. Register the agent with a minimal tool profile

In openclaw.json, create a dedicated agent entry:

{
  "id": "food-agent",
  "workspace": "~/.openclaw/workspace-food-agent",
  "tools": {
    "profile": "minimal",
    "allow": ["read", "write", "exec"],
    "fs": { "workspaceOnly": true },
    "exec": {
      "security": "allowlist",
      "ask": "on-miss"
    },
    "elevated": { "enabled": false }
  }
}

Minimal tools. Allowlisted exec. No elevation. One gotcha: if the agent needs to inspect inbound WhatsApp photos stored outside the workspace, workspaceOnly may be too strict. Keep that in mind for image-heavy workflows like Recall or receipts.

7. Allowlist the wrapper, not the shell

This is the part people skip, and it's the whole game. In exec-approvals.json, allow the specific wrapper path for that agent and deny everything else by fallback:

{
  "food-agent": {
    "security": "allowlist",
    "ask": "on-miss",
    "askFallback": "deny",
    "allowlist": [
      {
        "id": "MEAL_API_WRAPPER",
        "pattern": "~/.openclaw/workspace-food-agent/skills/raq-meals/bin/meal-api"
      }
    ]
  }
}

The agent can run the wrapper. It can't run arbitrary shell just because it had an idea.

8. Bind one WhatsApp group to one agent

Add the group JID to the allowed groups, then map it to the specialist agent in the bindings array:

{
  "match": {
    "channel": "whatsapp",
    "peer": { "kind": "group", "id": "120363421665030884@g.us" }
  },
  "agentId": "food-agent"
}

Different group, different agent, different workspace, different token, different wrapper.

9. Restart, reset, and test

Restart the gateway, reset the agent session, and test before using a real group message. Then ask Codex or Claude Code to review the final config: token scope matches the workflow, wrapper is narrower than the token, exec is allowlisted, fallback is deny, group binding is explicit, no path to elevated execution. Security mistakes here are usually dull ones.
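The config-visible items on that review list can also be checked mechanically. The following is an added example, not part of OpenClaw or Raq.com: it uses only the keys shown in this article's config blocks, and the audit function, the interpreter list and the treatment of glob characters in "pattern" are assumptions. Token scope and wrapper breadth are not visible in these files and still need a manual check.

```python
import os

# Assumed list of binaries that would turn an allowlist entry into general code execution.
SHELLS = {"sh", "bash", "zsh", "dash", "fish", "env", "python", "python3", "node"}

def audit(agent, approvals, bindings):
    """Return findings for one agent entry, its exec-approvals entry and the bindings array."""
    findings = []
    tools = agent.get("tools", {})
    ws = agent.get("workspace", "").rstrip("/")
    if tools.get("exec", {}).get("security") != "allowlist":
        findings.append("agent exec.security is not 'allowlist'")
    if tools.get("elevated", {}).get("enabled") is not False:
        findings.append("elevated execution is not explicitly disabled")
    if tools.get("fs", {}).get("workspaceOnly") is not True:
        findings.append("fs.workspaceOnly is not true (expected only for image workflows)")
    appr = approvals.get(agent["id"])
    if appr is None:
        return findings + ["no exec-approvals entry for this agent"]
    if appr.get("security") != "allowlist":
        findings.append("exec-approvals security is not 'allowlist'")
    if appr.get("askFallback") != "deny":
        findings.append("askFallback is not 'deny'")
    for entry in appr.get("allowlist", []):
        pat = entry.get("pattern", "")
        if any(c in pat for c in "*?["):  # assumption: pattern may be matched as a glob
            findings.append(f"wildcard in allowlist pattern: {pat}")
        if os.path.basename(pat) in SHELLS:
            findings.append(f"allowlist exposes an interpreter: {pat}")
        if not ws or not pat.startswith(ws + "/"):
            findings.append(f"allowlisted path is outside the workspace: {pat}")
    bound = [b for b in bindings if b.get("agentId") == agent["id"]]
    groups = [b for b in bound if b.get("match", {}).get("peer", {}).get("kind") == "group"
              and b["match"]["peer"].get("id", "").endswith("@g.us")]
    if len(bound) != 1 or len(groups) != 1:
        findings.append("agent must be bound to exactly one explicit WhatsApp group")
    return findings

# Constructed sample input mirroring the config blocks in this article.
AGENT = {"id": "food-agent", "workspace": "~/.openclaw/workspace-food-agent",
         "tools": {"fs": {"workspaceOnly": True}, "elevated": {"enabled": False},
                   "exec": {"security": "allowlist", "ask": "on-miss"}}}
APPROVALS = {"food-agent": {"security": "allowlist", "ask": "on-miss", "askFallback": "deny",
             "allowlist": [{"id": "MEAL_API_WRAPPER",
                            "pattern": "~/.openclaw/workspace-food-agent/skills/raq-meals/bin/meal-api"}]}}
BINDINGS = [{"match": {"channel": "whatsapp",
                       "peer": {"kind": "group", "id": "120363421665030884@g.us"}},
             "agentId": "food-agent"}]
```

Calling audit(AGENT, APPROVALS, BINDINGS) on the article's own configuration returns an empty list; any other result is a list of plain-text findings to fix before the group goes live.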

Paste this article into Claude Code

Paste this article into Claude Code or Codex and tell it which Raq.com module you want to connect. It has enough context to generate the wrapper, workspace files, config block, and exec allowlist. Then have the other one review it.

Hardware setup

OpenClaw needs somewhere always-on - a spare laptop, Mac Mini, or VPS. Use a separate phone number for the WhatsApp connection, not your personal one. A cheap pay-as-you-go SIM in a basic Android phone is enough. Keep it on its own network path if you can, so your personal WhatsApp is completely separate from the agent surface.

Good Raq.com workflows for this pattern

Family kitchen - Meal Planner. Add recipes from URLs, slot meals into the week, generate shopping lists, create share links for anyone to cook from.

Personal trainer - Health Insights plus Meal Planner if you want training and food in the same lane.

Business decisions - Arbiter. Structure the decision, define criteria, collect viewpoints, run the blind evaluation.

House item log - Recall. Photo something, store it properly, then find it later.

Marketing ideas - AI Image Lab. Use the group as the briefing thread and keep the generated assets in a visual system rather than a pile of attachments.

Sales desk - CRM plus Task Board. Create leads and next actions from one conversation.

PA / ops - Team Comms, Task Board, and Priorities. "Remind Phil to send the proposal" creates a task card. "What's outstanding this week?" pulls from the board.

FAQ desk - Company Knowledge plus Project Base. Answer from documented knowledge, link to the real source, admit uncertainty when needed.

KPI group - KPI Hub. Nudge the team, collect updates, surface trends in one place.

Receipt drop - Receipt Extractor. Photo in, structured record out. End of month, export a CSV from Raq.com.

Every Raq.com tool is accessible via MCP. Create an API token in Settings with the abilities you need and connect it to your agent.