Webhook Robot
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: webhook-robot
Version: 1.1.0

The skill bundle is designed to send messages to various webhook-based services. While the core functionality is benign, the `scripts/send_gocqhttp.py` script accepts an arbitrary URL (`--url`) for the GoCqHttp API. This capability is necessary for the script's stated purpose, but it introduces a potential Server-Side Request Forgery (SSRF) vulnerability if the agent's input is not adequately sanitized: whoever controls that input can direct the agent to make requests to internal network resources or to other arbitrary external hosts. Because this is a risky capability with no clear malicious intent within the script itself, the skill is classified as suspicious rather than malicious.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Messages could be sent to a chat, group, or notification channel using the supplied bot credentials.
The skill exposes scripts that can send user-supplied content to external chat or notification services. This is purpose-aligned, but message-sending tools can affect public or team-visible spaces if invoked with valid credentials.
python3 scripts/send_telegram.py --token "BOT_TOKEN" --chat_id "CHAT_ID" --content "Hello"
Confirm the destination and message content before using the skill, especially for shared, public, or work channels.
Anyone with these keys or tokens may be able to send messages through the corresponding bot or webhook.
Webhook tokens and secrets act as delegated authority for bot accounts. This is expected for the integration, but users should treat them as credentials.
parser.add_argument('--token', required=True, help='DingTalk access token')
parser.add_argument('--secret', help='DingTalk secret (optional, for security)')
Use only tokens for bots you control, avoid exposing tokens in shared logs or shell history, and rotate/revoke tokens if they are accidentally disclosed.
Message content, including any sensitive text placed in the content field, will be transmitted to the selected webhook endpoint.
The script can send message content to a full webhook URL supplied at runtime. This is central to the skill's purpose, but the data boundary depends on the supplied URL.
group.add_argument('--url', help='The full webhook URL')
...
req = urllib.request.Request(url, data=json.dumps(data).encode('utf-8'), headers=headers)
Only use trusted webhook URLs and avoid sending secrets, private documents, or confidential data unless the destination is appropriate.
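The overview's SSRF concern and the finding above turn on the same point: `--url` is a full URL taken at runtime and handed straight to `urllib.request.Request`. The following is an added example, not the skill's own code and not part of this review, of the guard a caller could put in front of that request: an https-only scheme check, rejection of embedded credentials and unusual ports, a host allow-list, and a resolution check that rejects any host resolving to a non-global address (loopback, RFC 1918, link-local such as the 169.254.169.254 metadata endpoint). `ALLOWED_HOSTS`, `validate_webhook_url`, `build_request`, `resolver_from_table` and the IP addresses in the static table are assumptions made for this example.

```python
"""Guarding a runtime-supplied webhook URL against SSRF.

Added example; not the webhook-robot skill's own code. ALLOWED_HOSTS and
every function name below are assumptions made for illustration.
"""
import ipaddress
import json
import socket
import urllib.request
from urllib.parse import urlparse

# Assumed operator allow-list of webhook hosts; a real deployment would
# load this from configuration rather than hard-code it.
ALLOWED_HOSTS = frozenset({"oapi.dingtalk.com", "qyapi.weixin.qq.com"})


class UnsafeWebhookURL(ValueError):
    """Raised when a runtime-supplied URL fails one of the SSRF checks."""


def resolver_from_table(table):
    """Build a getaddrinfo-compatible resolver from a static {host: ip} map.

    Used so the example runs offline; production code passes socket.getaddrinfo.
    Records mimic getaddrinfo's (family, type, proto, canonname, sockaddr).
    """
    def resolve(host, port, **_kwargs):
        if host not in table:
            raise socket.gaierror(f"no such host: {host}")
        ip = table[host]
        family = socket.AF_INET6 if ":" in ip else socket.AF_INET
        return [(family, socket.SOCK_STREAM, socket.IPPROTO_TCP, "", (ip, port))]
    return resolve


def validate_webhook_url(url, allowed_hosts=ALLOWED_HOSTS,
                         resolver=socket.getaddrinfo):
    """Return `url` unchanged if it passes every check, else raise UnsafeWebhookURL."""
    parsed = urlparse(url)
    if parsed.scheme != "https":
        raise UnsafeWebhookURL("only https:// webhook URLs are accepted")
    if parsed.username is not None or parsed.password is not None:
        raise UnsafeWebhookURL("credentials embedded in the URL are not accepted")
    host = parsed.hostname  # already lower-cased by urlparse
    if not host:
        raise UnsafeWebhookURL("URL has no host")
    try:
        port = parsed.port  # raises ValueError on a malformed port
    except ValueError as exc:
        raise UnsafeWebhookURL("malformed port in URL") from exc
    if port not in (None, 443):
        raise UnsafeWebhookURL(f"unexpected port {port}")
    if host not in allowed_hosts:
        raise UnsafeWebhookURL(f"host {host!r} is not on the allow-list")
    # Resolve and reject every non-global answer: loopback, RFC 1918,
    # link-local (169.254.0.0/16, incl. cloud metadata), reserved ranges.
    try:
        records = resolver(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        raise UnsafeWebhookURL(f"cannot resolve {host!r}: {exc}") from exc
    for record in records:
        addr = ipaddress.ip_address(record[4][0])
        if not addr.is_global:
            raise UnsafeWebhookURL(
                f"{host!r} resolves to non-global address {addr}")
    return url


def classify(url, allowed_hosts=ALLOWED_HOSTS, resolver=socket.getaddrinfo):
    """Verdict string for callers that prefer not to handle the exception."""
    try:
        validate_webhook_url(url, allowed_hosts, resolver)
        return "ok"
    except UnsafeWebhookURL as exc:
        return f"rejected: {exc}"


def build_request(url, payload, allowed_hosts=ALLOWED_HOSTS,
                  resolver=socket.getaddrinfo):
    """Validate `url`, then build the same JSON POST the skill's script builds."""
    safe_url = validate_webhook_url(url, allowed_hosts, resolver)
    data = json.dumps(payload).encode("utf-8")
    headers = {"Content-Type": "application/json"}
    return urllib.request.Request(safe_url, data=data, headers=headers,
                                  method="POST")


if __name__ == "__main__":
    # Constructed table so the demo needs no network; 93.184.216.34 is
    # simply a globally routable address chosen for illustration.
    demo = resolver_from_table({"oapi.dingtalk.com": "93.184.216.34",
                                "hooks.internal.example": "10.0.0.5"})
    allowed = {"oapi.dingtalk.com", "hooks.internal.example"}
    for candidate in ("https://oapi.dingtalk.com/robot/send?access_token=X",
                      "http://oapi.dingtalk.com/robot/send",
                      "https://169.254.169.254/latest/meta-data/",
                      "https://hooks.internal.example/send",
                      "https://user:pw@oapi.dingtalk.com/robot/send"):
        print(candidate, "->", classify(candidate, allowed, demo))
```

The allow-list is the primary control; the resolution check is only a backstop, because `urllib` resolves the host again when it connects, so a name that answers differently on the second lookup (DNS rebinding) can still slip past it. Pinning the connection to the address that was checked needs a custom opener and is outside the scope of this example.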
