Back to skill
Skillv1.0.1
VirusTotal security
Hookflo Webhooks · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:07 AM
- Hash
- fe6dd574c102d5ec3a2138617a21c793c81872d5d5da3460a616a5101da6284f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: hookflo-tern Version: 1.0.1 The skill is classified as suspicious due to its instructions for the AI agent to handle sensitive environment variables (e.g., `STRIPE_WEBHOOK_SECRET`, `GITHUB_WEBHOOK_SECRET`) and to construct code that performs network requests to user-defined URLs (e.g., `process.env.HOOKFLO_WEBHOOK_URL!`) while forwarding potentially sensitive `req.body` and `req.headers`. Although these capabilities are presented as part of the legitimate purpose of webhook verification and forwarding, they represent high-risk operations that, if misused or misconfigured by a malicious actor, could lead to data exfiltration or unauthorized access. The `SKILL.md` file details these operations, making the agent aware of and capable of performing them.
- External report
- View on VirusTotal