Ifttt

v1.0.0

IFTTT (If This Then That) automation — trigger webhooks, manage applets, and fire events via the IFTTT Webhooks and API. Connect 800+ services with simple if...

⭐ 0· 366·3 current·3 all-time

by@aiwithabidi

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The SKILL.md claims both Webhooks and the IFTTT Connect API (user info, applet management). The bundled script uses a single API_BASE of "https://maker.ifttt.com/trigger" and builds paths like "/user" and "/applets" against that base — these endpoints do not match the documented Connect API or standard maker webhook URL formats. That mismatch suggests the code will not behave as advertised or was assembled incorrectly.

Instruction Scope

SKILL.md states 'stdlib only' and shows CLI usage, but the runtime script's get_token() will attempt to read a .env file from a workspace path (os.environ.get('WORKSPACE', '~/.openclaw/workspace') + '/.env') if the IFTTT_WEBHOOK_KEY env var is not set. The manifest declared no required config paths, yet the script reads a user-local .env file — this is scope creep and could expose other secrets in that file.

✓

Install Mechanism

There is no install spec (instruction-only plus a small Python script). Nothing is downloaded or written to disk by an installer. Risk from installation mechanism is low.

ℹ

Credentials

The skill declares a single required env var (IFTTT_WEBHOOK_KEY), which is appropriate for webhook operations. However, the script also reads WORKSPACE (if set) and tries to load ~/.openclaw/workspace/.env to extract IFTTT_WEBHOOK_KEY. Reading an undeclared .env file is not proportional to the claimed requirements and may expose unrelated secrets. Also the script adds an Authorization: Bearer <token> header — maker webhook API typically expects the key in the URL, so this header use is unexpected.

✓

Persistence & Privilege

always:false and no modifications to other skills or system-wide settings. The script does not persist data (no writes) and only reads the workspace .env; it does not require elevated privileges or permanent presence.

What to consider before installing

This skill is suspiciously inconsistent rather than overtly malicious. Before installing: (1) Confirm whether the skill should call IFTTT Connect API vs Maker Webhooks — the code uses a maker base URL but claims Connect functionality (user/applets/services), so it is likely broken or misconfigured. (2) Be aware the script will try to read a .env from your workspace (~/.openclaw/workspace/.env by default) if IFTTT_WEBHOOK_KEY isn't set — that file could contain unrelated secrets, so either set IFTTT_WEBHOOK_KEY explicitly or check the .env contents first. (3) Prefer using a restricted IFTTT webhook key with minimal scope. (4) Ask the publisher to update the manifest to declare the workspace .env access (or remove that behavior) and to fix API endpoint usage (or document why Bearer auth is used). If you don't trust the source or cannot confirm these fixes, do not install.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔀 Clawdis

EnvIFTTT_WEBHOOK_KEY

Primary envIFTTT_WEBHOOK_KEY

latestvk971raaw4zzenp7yhavnqn7g49828s01

366downloads

0stars

1versions

Updated 1mo ago

v1.0.0

MIT-0

🔀 IFTTT

IFTTT (If This Then That) automation — trigger webhooks, manage applets, and fire events via the IFTTT Webhooks and API.

Features

Webhook triggers — fire custom events with data
Event data — pass up to 3 values per trigger
Service queries — check connection status
User info — get authenticated user details
Applet management — list and manage applets (Connect API)
Trigger history — recent webhook activity
Multi-event — fire multiple events in sequence
JSON payload — send structured data via webhooks

Requirements

Variable	Required	Description
`IFTTT_WEBHOOK_KEY`	✅	API key/token for IFTTT

Quick Start

# Fire a webhook event
python3 {baseDir}/scripts/ifttt.py trigger my_event --value1 "Hello" --value2 "World"

# Fire with JSON payload
python3 {baseDir}/scripts/ifttt.py trigger-json my_event '{"value1":"data1","value2":"data2","value3":"data3"}'

# Check webhook connectivity
python3 {baseDir}/scripts/ifttt.py status

# Get user info (Connect API)
python3 {baseDir}/scripts/ifttt.py user

Commands

`trigger`

Fire a webhook event.

python3 {baseDir}/scripts/ifttt.py trigger my_event --value1 "Hello" --value2 "World"

`trigger-json`

Fire with JSON payload.

python3 {baseDir}/scripts/ifttt.py trigger-json my_event '{"value1":"data1","value2":"data2","value3":"data3"}'

`status`

Check webhook connectivity.

python3 {baseDir}/scripts/ifttt.py status

`user`

Get user info (Connect API).

python3 {baseDir}/scripts/ifttt.py user

`applets`

List applets (Connect API).

python3 {baseDir}/scripts/ifttt.py applets --limit 20

`applet-enable`

Enable an applet.

python3 {baseDir}/scripts/ifttt.py applet-enable abc123

`applet-disable`

Disable an applet.

python3 {baseDir}/scripts/ifttt.py applet-disable abc123

`services`

List connected services.

python3 {baseDir}/scripts/ifttt.py services

Output Format

All commands output JSON by default. Add --human for readable formatted output.

# JSON (default, for programmatic use)
python3 {baseDir}/scripts/ifttt.py trigger --limit 5

# Human-readable
python3 {baseDir}/scripts/ifttt.py trigger --limit 5 --human

Script Reference

Script	Description
`{baseDir}/scripts/ifttt.py`	Main CLI — all IFTTT operations

Data Policy

This skill never stores data locally. All requests go directly to the IFTTT API and results are returned to stdout. Your data stays on IFTTT servers.

Credits

Built by M. Abidi | agxntsix.ai YouTube | GitHub Part of the AgxntSix Skill Suite for OpenClaw agents.

📅 Need help setting up OpenClaw for your business? Book a free consultation

Comments

Loading comments...