Bazhuayu Rpa Webhook
Verdict: Review. Audited by ClawScan on May 10, 2026.
Overview
The skill appears to do its stated RPA webhook job, but it needs Review because it handles a powerful RPA signing key and includes misleading secret-storage and redaction guidance.
Install only if you trust the publisher and the configured RPA workflow. Treat BAZHUAYU_WEBHOOK_KEY like a password: avoid pasting it into shared logs or dotfiles, prefer temporary environment variables or a secret manager, review any cron schedule before enabling it, and verify the installed version/source before running helper scripts.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent with the key can trigger the configured RPA task, which may affect external business systems depending on what that RPA task does.
The skill requires a signing key that authorizes webhook calls to trigger external RPA tasks. This is purpose-aligned, but it is delegated authority over the user's configured RPA workflow.
`BAZHUAYU_WEBHOOK_KEY` | Signing key | **Required**
Use a narrowly scoped webhook, rotate the key if exposed, and only let the agent invoke the skill when triggering that RPA task is intended.
A user may store the RPA signing key in a persistent shell profile while believing it is not written to disk, increasing the chance of local, backup, or dotfile-repository exposure.
Adding an export line to ~/.bashrc or ~/.zshrc stores the key in a disk file, so the statement that the key is not stored on disk is misleading.
# Add to ~/.bashrc or ~/.zshrc ... export BAZHUAYU_WEBHOOK_KEY="your-secret-key" ... Advantages: - The key is not stored on disk
Correct the documentation to clearly distinguish temporary environment variables from shell-profile persistence, and recommend a secret manager or tightly permissioned local file for long-term storage.
Sensitive RPA parameters using Chinese or other non-English names may be displayed in configuration output or logs even though the skill advertises redaction.
The visible masking logic only checks English sensitive-field names, while the Chinese documentation examples include a parameter named `密码`; this can conflict with the advertised automatic sensitive-output masking.
SENSITIVE_FIELDS = ['key', 'password', 'secret', 'token', 'auth'] ... is_sensitive = any(s in name.lower() for s in SENSITIVE_FIELDS)
Expand redaction to include documented sensitive terms such as `密码`, `密钥`, and other localized names, and avoid documenting password-like parameters unless masking is verified.
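The gap described in this finding, shown as an added example rather than the skill's own code: the quoted English-only list beside an expanded list that also covers the documented localized names. The function names, the extra localized terms beyond `密码` and `密钥`, and the sample parameter set are all constructed for this illustration.

```python
# Added example, not the skill's implementation. Shows why the quoted
# English-only SENSITIVE_FIELDS list misses the documented parameter `密码`,
# and how a list that includes localized names closes the gap.

# The skill's visible logic (as quoted in the finding) only knows English terms.
ENGLISH_ONLY_FIELDS = ['key', 'password', 'secret', 'token', 'auth']

# Expanded list: the documented terms `密码` and `密钥`, plus two further
# localized examples (`口令` passphrase, `令牌` token) chosen for this example.
SENSITIVE_FIELDS = ENGLISH_ONLY_FIELDS + ['密码', '密钥', '口令', '令牌']


def is_sensitive(name: str, fields=SENSITIVE_FIELDS) -> bool:
    """True if any sensitive term appears in the parameter name.

    str.lower() leaves CJK characters unchanged, so the same substring test
    works for both scripts once the localized terms are in the list.
    """
    lowered = name.lower()
    return any(term in lowered for term in fields)


def redact_params(params: dict, fields=SENSITIVE_FIELDS) -> dict:
    """Return a copy of params with sensitive values masked for display or logs."""
    return {k: ('***' if is_sensitive(k, fields) else v) for k, v in params.items()}


# Constructed sample: an RPA task parameter set mixing English and Chinese names.
SAMPLE_PARAMS = {
    'task_name': 'daily_report',
    'api_token': 'tok-constructed-123',
    '用户名': 'alice',
    '密码': 'constructed-pw',
}

if __name__ == '__main__':
    # With the English-only list the `密码` value is printed in clear.
    print(redact_params(SAMPLE_PARAMS, ENGLISH_ONLY_FIELDS))
    # With the expanded list both `api_token` and `密码` are masked.
    print(redact_params(SAMPLE_PARAMS))
```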
If copied incorrectly, the command could delete local files; as written it removes the existing skill directory.
This is a destructive shell command, but it appears in manual upgrade documentation and is scoped to the skill's own installed directory.
rm -rf /root/.openclaw/workspace/skills/bazhuayu-webhook
Only run the delete command manually after verifying the exact path and keeping any needed configuration backups.
Once scheduled, the RPA workflow can run unattended at the configured time until the schedule is removed.
The documentation shows a user-configured cron schedule that will continue triggering the RPA task automatically.
0 9 * * * cd ~/.openclaw/workspace/skills/bazhuayu-webhook && python3 bazhuayu-webhook.py run
Use scheduled execution only for safe, intended workflows, and document how to disable the cron job.
Users may have less assurance about provenance and exactly which version they are installing.
The supplied registry metadata lacks a source/homepage and reports version 2.0.5, while the included SKILL.md and release notes describe v2.0.6.
Source: unknown; Homepage: none; Version: 2.0.5
Verify the publisher and installed files, and ask the maintainer to align registry version, homepage/source, and release documentation.
