Webhook Debugger
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a different or untrusted `webhook` executable is on the system path, the commands may not behave as the skill describes.
The skill declares no binary or install requirement but documents use of a `webhook` command, leaving the actual executable and its provenance outside the provided artifacts.
"requires": { "bins": [] }, "install": [] ... `webhook listen 8080`
Before use, verify which `webhook` CLI will run and install it only from a trusted, pinned source.
A mistaken target URL could disclose webhook contents or trigger actions in another service.
Replay and forwarding are central to webhook debugging, but they can resend captured requests to arbitrary user-supplied destinations.
`webhook replay <id> <url>` - Replay to new URL
`webhook forward <url>` - Forward to another service
Use test data when possible and explicitly confirm replay or forwarding destinations before running those commands.
Captured webhook data may remain on the local machine after debugging unless cleared.
The skill discloses persistent local history for received webhook requests, which may include sensitive headers, signatures, or payload data.
- ⏱️ Request history - History stored locally
Avoid capturing production secrets unless necessary, use `webhook clear` after debugging, and check where the CLI stores history.
