webhook-automation

Security checks across malware telemetry and agentic risk

Overview

This webhook skill is coherent, but its sample server can accept unauthenticated webhook requests despite promising signature protection.

Review carefully before installing or adapting this in production. Require a configured secret, reject missing signatures, implement provider-specific verification for GitHub, Slack, and Stripe, bind only to the intended interface behind HTTPS, and avoid logging or storing raw webhook payloads unless access controls and retention are defined.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The signature verification routine explicitly returns success when no secret is configured, which silently disables authentication for all incoming webhooks. In a webhook receiver, this allows spoofed requests from any source to be processed as trusted events, directly undermining the skill’s stated security purpose.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill description promises signature validation and spoof filtering, but the implementation accepts unsigned requests whenever no secret is configured, and the request handler only rejects bad signatures when a signature header is present. That mismatch is dangerous because users may deploy this expecting authenticated webhook handling while attackers can submit forged events.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The sample server undermines the skill's stated security model by accepting unsigned requests and by returning success from signature verification when no secret is configured. In practice, this allows spoofed webhook events from arbitrary senders, which can trigger downstream automation, notifications, or business logic without authentication.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The provider notes correctly describe Slack and Stripe verification requirements, but the main server implementation does not actually validate Slack timestamps or Stripe's Stripe-Signature format and instead tries to reuse a generic HMAC flow. This mismatch can lead users to believe they are protected while accepting forged or replayed events from those providers.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The default handler logs a serialized slice of the raw webhook payload, which may include sensitive data such as user identifiers, message contents, metadata, or provider-specific secrets embedded in the body. In a webhook-processing skill, this is more dangerous because payloads come from external systems and often carry confidential or regulated data; logging them increases exposure through log aggregation, retention, and operator access.

Missing User Warnings

High
Confidence
98% confidence
Finding
Authentication can be disabled implicitly by configuration omission, with no hard failure or explicit user-facing warning. In an internet-facing webhook service, silent security downgrade is especially risky because operators may believe HMAC verification is active when it is not.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
Binding the server to 0.0.0.0 exposes it on all network interfaces, increasing the reachable attack surface of a service that already processes untrusted external input. While listening broadly is sometimes intentional for webhook receivers, doing so without explicit warning or secure defaults can lead to accidental public exposure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The example loads a secret from local storage, but the real risk is that verification silently degrades to allow all requests if the secret is absent. In a webhook-handling skill, that context makes this more dangerous because users may assume the endpoint is protected while running it effectively unauthenticated.

VirusTotal

66/66 vendors flagged this skill as clean.
