ClawHub

Webhook Robot

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward webhook sender, but users should handle message contents and bot credentials carefully.

Install only if you want the agent to send messages through webhook services you control. Verify destination URLs, chat IDs, group IDs, and message content before sending; avoid putting secrets or sensitive documents in messages; avoid exposing tokens in shared logs or shell history; rotate any webhook key or bot token that may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README explicitly describes sending messages to third-party webhook services but provides no warning that message content, chat identifiers, and metadata will leave the local environment and be delivered to external systems. In an agent-skill context, that omission can mislead users into using the skill with sensitive data, creating a real confidentiality risk even if the feature is intentional.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The usage examples normalize passing tokens, secrets, webhook keys, and destination identifiers directly on the command line without warning about exposure risks. Command-line secrets can leak through shell history, process listings, logs, screenshots, or agent telemetry, so the documentation encourages an unsafe secret-handling pattern.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill lacks an explicit warning that provided message content will be transmitted to external webhook services, which may include sensitive data. Without this disclosure, users may unknowingly send secrets, internal prompts, or personal information to third-party systems.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script accepts a DingTalk token and secret via command-line arguments, which can expose credentials through shell history, process listings, audit logs, or job runners. In an automation skill context, this is a real secret-handling weakness because webhook credentials are sufficient to send messages and may be reused across environments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal