Webhook Debugger
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: webhook-debugger Version: 1.0.0 The skill bundle contains only metadata and documentation (SKILL.md) for a webhook debugging utility. The described functionality, including listening for local webhooks, inspecting payloads, and replaying requests, is consistent with standard developer tools and lacks any indicators of malicious intent, data exfiltration, or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a different or untrusted `webhook` executable is on the system path, the commands may not behave as the skill describes.
The skill declares no binary or install requirement but documents use of a `webhook` command, leaving the actual executable and its provenance outside the provided artifacts.
"requires": { "bins": [] }, "install": [] ... `webhook listen 8080`Before use, verify which `webhook` CLI will run and install it only from a trusted, pinned source.
A mistaken target URL could disclose webhook contents or trigger actions in another service.
Replay and forwarding are central to webhook debugging, but they can resend captured requests to arbitrary user-supplied destinations.
`webhook replay <id> <url>` - Replay to new URL `webhook forward <url>` - Forward to another service
Use test data when possible and explicitly confirm replay or forwarding destinations before running those commands.
Captured webhook data may remain on the local machine after debugging unless cleared.
The skill discloses persistent local history for received webhook requests, which may include sensitive headers, signatures, or payload data.
- ⏱️ Request history - History stored locally
Avoid capturing production secrets unless necessary, use `webhook clear` after debugging, and check where the CLI stores history.