Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Webhook Robot

v1.1.0

Send messages to various webhook-based bots (WeCom, DingTalk, Feishu, etc.).

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The package contains Python scripts to send messages to many webhook services (WeCom, DingTalk, Feishu, Bark, Telegram, PushDeer, ServerChan, GoCqHttp, Gotify), which is coherent with the skill name and README. SKILL.md's brief usage section only shows WeCom and says 'currently supports WeCom' (and references a not-yet-implemented config.json) — this is a documentation mismatch but not an outright capability/credential incoherence. Required binary (python3) is appropriate.
Instruction Scope
Runtime instructions simply call the included scripts with user-supplied tokens/URLs. The scripts do network calls only to webhook endpoints (or whatever URL the user supplies). They do not read unrelated files or environment variables. Two operational notes: (1) many scripts accept arbitrary full URLs — if an attacker can supply URLs or cause the agent to run these scripts, they could be used to reach internal network endpoints (SSRF/probing). (2) SKILL.md mentions storing defaults in config.json 'to be implemented', so expected config behavior is incomplete.
Install Mechanism
There is no install script/spec and no remote downloads — this is instruction-only with bundled Python scripts. No archive downloads or package installs are requested, so install-surface risk is low.
Credentials
The skill declares no required environment variables or credentials, and scripts accept service tokens/keys as command-line arguments (which is proportionate). Warning: passing secrets on command lines can expose them via process lists or shell history. The skill does not request unrelated credentials or config paths.
Persistence & Privilege
The skill does not request always:true or other elevated persistence, and does not attempt to modify other skills or system-wide config. Model invocation is enabled (default), which is normal for skills; combine this with the note about arbitrary URLs if you plan to allow autonomous use.
Assessment
This skill appears to do what it says (send webhook messages). Before installing or using it: (1) review the scripts yourself (they are bundled and readable). (2) Avoid passing secret tokens on long-lived command lines—prefer secure config files or protected env vars if you adapt the scripts. (3) Be cautious about allowing autonomous/unsupervised use: the scripts accept arbitrary URLs, so an untrusted prompt could cause the agent to send requests to internal network endpoints. (4) Note the SKILL.md mentions a not-yet-implemented config.json; expect to supply keys/tokens via CLI until you implement safer storage. If you plan to use this in production, run it in a network-isolated environment and rotate tokens used for testing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🤖 Clawdis
Bins: python3
