ClawHub

Fieldy AI Webhook

v0.1.2

Wire a Fieldy webhook transform into Moltbot hooks.

3· 2.2k·3 current·3 all-time
by@mrzilvis
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Fieldy webhook → Moltbot transform) align with the included transform script and the SKILL.md instructions. The skill requires no unrelated credentials or binaries and the script only reads/parses incoming webhook payloads, writes transcript JSONL files to a workspace subdirectory, and returns a message to trigger an agent run.
Instruction Scope
Instructions are focused on placing the transform in the transformsDir and adding a Moltbot mapping; they explicitly instruct editing ~/.clawdbot/moltbot.json and restarting the gateway. The transform writes transcript logs under <workspace>/fieldy/transcripts and may use process.env.CLAWDBOT_WORKSPACE or walk the filesystem to locate the workspace. This behavior is expected for local logging but means transcripts (possibly PII) will be stored on disk — the user should confirm acceptable storage location and permissions.
Install Mechanism
No install spec; instruction-only with a single transform JS file. Nothing is downloaded from external URLs and no packages are installed by the skill itself.
Credentials
The skill declares no required environment variables or credentials. The code optionally reads CLAWDBOT_WORKSPACE to locate the workspace directory — appropriate and documented. The example token in SKILL.md refers to Moltbot's hooks.token (Moltbot config), not a secret required by the skill code itself.
Persistence & Privilege
always:false (default). The skill requires adding configuration to the user's Moltbot config and will create/write files under the detected workspace (fieldy/transcripts). It does not modify other skills' configs or request system-wide credentials.
Assessment
This skill appears to do what it says: parse incoming webhook payloads, log transcripts to <workspace>/fieldy/transcripts, and trigger the agent when a wake word is detected. Before installing: 1) Do not drop the script into a privileged system directory — use a workspace owned by a non-root user. The SKILL.md suggests /root/...; adapt that to a non-root path if appropriate. 2) Protect your Moltbot hooks token: prefer sending it in an Authorization header rather than embedding it in a public URL query string, and rotate it if exposed. 3) Transcripts may contain sensitive data — ensure the transcripts directory has appropriate filesystem permissions and retention policies. 4) If you need stricter verification of webhook origin (signatures, IP allowlist), add that into the transform — the current script does not validate source authenticity. 5) Review and test the transform in a safe environment to confirm the workspace detection logic uses the intended directory and that no unexpected files are read/written.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ce4ys6psh38b3dxaa46zxr18029qe

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments