ClawHub

hookpipe

v0.1.0

Reliable webhook infrastructure for AI agents. Receive webhooks from Stripe, GitHub, Slack, Shopify, Vercel with signature verification, durable queuing, and...

0· 95·0 current·0 all-time
byLawrence Lin@linyiru
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (reliable webhook ingestion and delivery) matches the declared requirement: a 'hookpipe' CLI binary and commands shown in SKILL.md. Requiring the hookpipe binary is expected for this purpose.
Instruction Scope
SKILL.md only instructs running the hookpipe CLI (connect, dev, tail, etc.) and configuring an api_url/token or provider secrets to forward events to a local gateway. It does not ask the agent to read unrelated files, environment variables, or system secrets.
Install Mechanism
Install specs point to an npm package 'hookpipe' and a brew formula 'hookpipe/hookpipe/hookpipe'. Installing arbitrary packages from npm or a non-core Homebrew tap is a common but nontrivial supply‑chain risk — the CLI will execute code on your machine. No direct red flags in the SKILL.md, but verify the package source, maintainers, and release artifacts before installing.
Credentials
The skill declares no required env vars and the instructions accept provider signing secrets and a hookpipe token via CLI arguments; this is proportionate to its role. Note: the token name shown (e.g., 'hf_sk_xxx') looks like a typical API token placeholder — confirm which service the token belongs to before storing it in the CLI.
Persistence & Privilege
always is false and the skill does not request system-wide config access. The CLI will likely store its own configuration/token locally if used, which is normal for a user‑installed tool.
Assessment
This skill appears to be what it says: a wrapper around a 'hookpipe' CLI that buffers and forwards webhooks. Before installing or running it: (1) verify the npm package and Homebrew tap are the official hookpipe project (check the GitHub repo and package authors), (2) inspect the package or formula source and release checksums if possible, (3) avoid running installs as root, pin a version, and review what the CLI stores locally (tokens/config), (4) only provide signing secrets and tokens you control and understand (do not paste production secrets without verifying the service), and (5) if you rely on Cloudflare Workers or a hosted endpoint, confirm the hosted endpoint is legitimate. If you can’t verify the package origin, treat installation as higher risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bj9xmck1py3p143pmp40zwd837kma

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔥 Clawdis
Binshookpipe

Install

Install hookpipe CLI (npm)
Bins: hookpipe
npm i -g hookpipe
Install hookpipe CLI (brew)
Bins: hookpipe
brew install hookpipe/hookpipe/hookpipe

Comments