ClawHub

webhook-send

Security checks across malware telemetry and agentic risk

Overview

This is a simple webhook message-sending skill, but users should treat the webhook URL and message contents as sensitive because messages are sent outside the local chat.

Install only if you intend your agent to send messages to a webhook you control or trust. Store WEBHOOK_SEND_URL like a secret, confirm the destination before use, and avoid sending passwords, tokens, personal data, or confidential business content unless that webhook is approved for it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README documents that the skill will send message content to an external webhook endpoint taken from an environment variable, but it does not clearly warn users that invoking the skill causes outbound network transmission and possible disclosure of sensitive data. In an agent setting, users may pass secrets, internal reports, or PII into the skill without realizing the content leaves the local trust boundary and is delivered to a third-party or internal HTTP endpoint.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list contains broad everyday terms like '群组', '通知', and '机器人', which can cause the skill to activate in contexts where the user did not intend to send an outbound webhook. Because this skill performs external HTTP POSTs, accidental activation can lead to unintended data transmission to the configured webhook endpoint.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly sends content via HTTP POST to an externally configured webhook URL but does not warn that user-supplied content may leave the local trust boundary. Users may provide sensitive text believing it is handled locally, creating a risk of unintended disclosure to third-party systems.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal