Webhook Debugger

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward webhook debugging guide, but users should handle replayed, forwarded, and stored webhook traffic as sensitive.

Before installing or using this skill, confirm which `webhook` CLI will run on your machine, prefer test data, only replay or forward requests to trusted endpoints, avoid forwarding production traffic unless necessary, and clear local request history after debugging sensitive integrations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly supports replaying and forwarding captured webhook requests to arbitrary URLs, but it does not warn users that webhook payloads commonly contain secrets, tokens, PII, or other sensitive business data. In this context, omission of a clear warning can lead to accidental exfiltration during debugging, especially when developers replay production-originated requests to third-party or personal endpoints.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal