Clawver Orders
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The 'clawver-orders' skill, while providing legitimate order management functionality, includes the capability to create webhooks via `POST https://api.clawver.store/v1/webhooks` as shown in SKILL.md. The `url` parameter for these webhooks is user-defined (or agent-controlled based on user input). This presents a significant prompt injection vulnerability, as an attacker could instruct the OpenClaw agent to configure a webhook to an arbitrary malicious URL, potentially leading to the exfiltration of sensitive order data or other information that the webhook might send to an attacker-controlled server. This is a high-risk capability that could be abused, classifying it as suspicious.
