Webhook Router

Security checks across malware telemetry and agentic risk

Overview

This is a real webhook router, but it is published with a specific hardcoded endpoint/token and can persist or forward raw webhook data, so users should review and reconfigure it before use.

Install only after replacing the Funnel URL and hook token with your own values, rotating any exposed token, enabling provider webhook signature validation, and deciding whether raw webhook payloads should ever be stored or sent to alert channels.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

High
Confidence: 98%
Finding
The documentation makes a misleading security claim that webhook payloads are logged as hashed, while earlier examples show full payloads being written to storage. This can cause operators to expose secrets, tokens, personal data, or business-sensitive webhook contents under the false assumption that only hashes are retained.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The generic handler is documented to log full webhook payloads, which conflicts with the later statement that payloads are only logged as hashed values. This inconsistency can mislead users into enabling a fallback handler that persistently stores raw inbound data, increasing risk of credential, PII, and secret leakage.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The generated handler template persists the full webhook payload into a vault path, which can capture secrets, personal data, tokens, and other sensitive fields from third-party webhook bodies. Even though the destination is a vault-like store, indiscriminate retention of raw payloads increases exposure, expands the blast radius of any vault compromise, and may violate data-minimization expectations for webhook processing.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill encourages logging full webhook payloads and storing them in a vault without a clear warning that webhook bodies commonly contain secrets, access tokens, PII, financial data, and internal event details. In a public webhook-receiver context, this creates a realistic data-exposure risk if logs are retained broadly, searched, forwarded, or accessed by other tools.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script sends alert content derived from untrusted webhook data to an external messaging channel without any redaction or sensitivity filtering. Even though it currently includes a summary rather than the full payload, extracted fields such as user, email, identifiers, status, and event names may contain secrets, PII, or attacker-controlled content that gets exfiltrated to a third-party channel and may trigger formatting or notification abuse.

Missing User Warnings

Medium
Confidence: 97%
Finding
The handler stores the incoming webhook payload, including potentially sensitive content, in vault storage by default after only truncating for size, not for confidentiality. Since webhook payloads often contain tokens, personal data, internal event details, or attacker-supplied content, this creates a persistent data exposure surface and may violate least-privilege and retention expectations if the vault path is broadly accessible or long-lived.

Missing User Warnings

Medium
Confidence: 92%
Finding
The handler forwards data derived from untrusted GitHub webhook payloads into external sinks (`message send` and `vault write`) without any consent boundary, filtering, or redaction. Repository names, issue titles, PR titles, commit messages, labels, and release text can contain sensitive internal information, and this script will propagate that data to other systems and logs, potentially widening exposure beyond the original webhook receiver.

VirusTotal

66/66 vendors flagged this skill as clean.
