Hookaido Webhook Integration

Review

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent Hookaido operations skill, but it legitimately needs webhook secrets and can run or mutate webhook queues, so users should install it only for intended Hookaido administration.

Install this skill if you want an agent to help operate Hookaido. Before using it in production, confirm which Hookaidofile, database, token, and environment it will access; keep MCP read-only unless mutations are needed; and require explicit approval for DLQ deletes, queue acknowledgements, runtime control, or exec-based webhook handlers.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent using these credentials could authenticate to Hookaido pull or ingress flows within the configured environment.

Why it was flagged

The skill requires a pull API token and ingress secret, which are sensitive credentials. This is expected for authenticated webhook receiving and consumption.

Skill content

requires:
  bins:
    - hookaido
  env:
    - HOOKAIDO_PULL_TOKEN
    - HOOKAIDO_INGRESS_SECRET

Recommendation

Use least-privilege tokens where possible, keep them out of logs and shared prompts, and rotate them if exposed.

What this means

Incorrect use could acknowledge, requeue, or delete webhook events and change downstream processing behavior.

Why it was flagged

The documentation includes Admin API mutations that can requeue or delete dead-letter queue items. This is aligned with Hookaido operations but can permanently affect webhook processing state.

Skill content

# Delete DLQ items
curl -sS -X POST "http://127.0.0.1:2019/dlq/delete" ... -d '{"ids":["evt_3"]}'

Recommendation

Review backlog and DLQ entries before mutation, use explicit IDs, include audit reasons, and require human confirmation for deletes or production queue changes.

What this means

If configured carelessly, incoming webhooks could trigger local scripts or deployment actions.

Why it was flagged

Hookaido supports subprocess webhook handlers, meaning webhook delivery can execute a local script. The skill presents this as an explicit optional module, not hidden behavior.

Skill content

deliver exec "/opt/hooks/deploy.sh" {
  timeout 30s
  retry exponential max 3 base 1s cap 30s jitter 0.2
  env DEPLOY_ENV production
}

Recommendation

Only use exec delivery with trusted scripts, strict webhook signature verification, timeouts, and non-privileged execution accounts.

What this means

Installing the skill places a third-party Hookaido binary on the machine.

Why it was flagged

The installer downloads an external release binary, but the script pins the default version and verifies the downloaded artifact against embedded SHA256 values.

Skill content

url="https://github.com/${repo}/releases/download/${tag}/${artifact}"
...
curl --proto '=https' --tlsv1.2 -fL "$url" -o "$archive"
...
if [[ "$actual_sha" != "$expected_sha" ]]; then

Recommendation

Prefer the pinned installer or pinned Go install path, and avoid overriding the version unless you also provide and verify the expected checksum.

What this means

A globally registered or mutation-enabled MCP server could let an agent inspect or change Hookaido queue state from more contexts than intended.

Why it was flagged

The skill documents MCP server modes, including mutation-enabled operation and optional global registration. This is disclosed and role-based, but it can expose Hookaido operations to agent tooling beyond one local task.

Skill content

hookaido mcp serve --config ./Hookaidofile --db ./.data/hookaido.db \
  --enable-mutations --role operate --principal ops@example.test
...
Use `~/.claude/settings.json` for global registration across all projects.

Recommendation

Use read-only MCP mode by default, prefer project-local registration, and enable operate/admin roles only for trusted workflows.