Webhook Debugger
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is a purpose-aligned webhook debugging guide, but users should verify the unspecified `webhook` CLI and handle captured webhook data carefully.
This appears suitable for webhook development and testing. Before installing or using it, confirm that the `webhook` command comes from a trusted source, run listeners only in controlled environments, avoid replaying real production secrets, verify any forwarding URL, and clear local history after debugging.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a different or untrusted `webhook` executable is on the system path, the commands may not behave as the skill describes.
The skill declares no binary or install requirement but documents use of a `webhook` command, leaving the actual executable and its provenance outside the provided artifacts.
"requires": { "bins": [] }, "install": [] ... `webhook listen 8080`Before use, verify which `webhook` CLI will run and install it only from a trusted, pinned source.
A mistaken target URL could disclose webhook contents or trigger actions in another service.
Replay and forwarding are central to webhook debugging, but they can resend captured requests to arbitrary user-supplied destinations.
`webhook replay <id> <url>` - Replay to new URL `webhook forward <url>` - Forward to another service
Use test data when possible and explicitly confirm replay or forwarding destinations before running those commands.
Captured webhook data may remain on the local machine after debugging unless cleared.
The skill discloses persistent local history for received webhook requests, which may include sensitive headers, signatures, or payload data.
- ⏱️ Request history - History stored locally
Avoid capturing production secrets unless necessary, use `webhook clear` after debugging, and check where the CLI stores history.