Hookaido Webhook Integration

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Hookaido operations skill with disclosed install, webhook, queue, and MCP features; its risks are operational rather than deceptive.

Install this only if you want an agent to help operate Hookaido. Keep secrets in env or file refs, prefer read-only MCP mode by default, avoid global MCP registration unless needed, and require explicit approval before production queue mutations, DLQ deletes, runtime control, exec-based handlers, or sending real webhook payloads to live services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill clearly instructs use of shell-capable actions such as running installers, invoking `go install`, executing `bash` scripts, and starting the `hookaido` binary, yet it declares no permissions to signal that capability. This creates a trust-boundary problem: users or orchestration systems may treat the skill as lower risk than it really is, allowing command execution and package installation without explicit permission gating.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 87%
Finding:
The documented behavior extends beyond webhook operation into software acquisition and local installation from external sources, which is materially different from merely administering webhooks. That mismatch can cause operators to authorize the skill for a narrow operational purpose while it also performs package download/install and possibly publication-related actions, expanding supply-chain and execution risk without clear disclosure.

Missing User Warnings

Medium
Confidence: 84%
Finding:
The skill recommends subprocess delivery and outbound webhook/pull testing, which can execute local scripts and send live data to external or internal services, but it does not present a prominent explicit warning about side effects. In an agent setting, that omission increases the chance of unintended code execution, data exfiltration, or disruptive calls against production endpoints during routine troubleshooting.

VirusTotal

66/66 vendors flagged this skill as clean.
