Skill v1.0.0

ClawScan security

webhook-send · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 5, 2026, 1:02 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's behavior (it reads a webhook URL from WEBHOOK_SEND_URL and posts messages) is simple and plausible, but the package metadata does not declare the required environment variable and there is a risk of sending secrets to an external endpoint — the mismatch and lack of explicit env var declaration are concerning.
Guidance
This skill performs simple POSTs to a webhook URL read from the environment. Before installing:
1) Expect to set WEBHOOK_SEND_URL (it is required by the instructions even though the metadata doesn't list it) — ensure that the URL points to a trusted endpoint and that any token in it is acceptable to share.
2) Don't put high-privilege credentials in that URL unless you trust the destination.
3) If you need stronger guarantees, ask the publisher to update the package metadata to declare WEBHOOK_SEND_URL as a required env var and to document exactly where data is sent.
4) Test in a safe environment (a disposable webhook receiver) to confirm behavior and rate/length limits before using it in production.
5) If you see the skill asking for other env vars or reading system files, treat that as a red flag and avoid installing it.

Review Dimensions

Purpose & Capability
Rating: concern
The SKILL.md explicitly says the webhook URL is read from the environment variable WEBHOOK_SEND_URL, but the registry metadata lists no required env vars and no primary credential. That mismatch is incoherent: a webhook-sending skill should declare WEBHOOK_SEND_URL as required so users know a secret/URL will be used.
Instruction Scope
Rating: note
Instructions are narrowly scoped: build a JSON body (text or markdown) and POST it to the webhook URL using Content-Type: application/json. They do not instruct reading other files, system paths, or unrelated env vars. The only scope issue is that the SKILL.md relies on an env var not declared in the metadata.
Install Mechanism
Rating: ok
Instruction-only skill with no install spec and no code files — lowest-risk installation footprint. Nothing is written to disk by an installer.
Credentials
Rating: concern
The skill will use a webhook URL (likely containing secret tokens) from WEBHOOK_SEND_URL, but that env var is not declared in requires.env/primaryEnv. Requiring an undeclared secret is disproportionate from a metadata/transparency standpoint. Also, any webhook URL is an external endpoint: the skill will transmit whatever message body the agent constructs, so users should treat the URL as a secret and verify the destination before use.
Persistence & Privilege
Rating: ok
The always flag is false and the skill is user-invocable only; it does not request persistent/global agent privileges or modify other skills. Autonomous invocation is allowed by default but is not combined with other high-risk factors here.