Webhook Router

Warn. Audited by ClawScan on May 10, 2026.

Overview

The skill is a plausible webhook router, but its defaults hardcode a public Funnel URL that names a specific user's machine and a fixed hook token, so running it with the defaults could route your webhooks to a host you do not control or expose them to anyone who knows the published token.

Do not use this skill as-is. Before installing or running it, replace the Funnel URL and hook token with your own values, rotate any token that was published, enable provider signature verification, constrain handler names to registered safe values, and decide what webhook payload data may be stored or alerted.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone who can read the skill learns the bundled hook token and, if the default endpoint is live, may be able to submit spoofed webhooks that it accepts as authentic.

Why it was flagged

The registration script embeds a fixed public endpoint and hook token as defaults instead of requiring a user-specific secret, so the credential that authorizes calls to the hook endpoint is published with the skill.

Skill content
FUNNEL_URL="${FUNNEL_URL:-https://gregs-mac-mini.taila31444.ts.net}"
HOOK_TOKEN="${HOOK_TOKEN:-19e78f0288d476ee1197d4b374b6f73394abe121c12cc38a}"
Recommendation

Do not use the bundled token. Rotate any hook token that has been exposed, remove the hardcoded defaults, and require the user to supply their own Funnel URL and hook token through local configuration, failing closed if either is unset.

What this means

Repository, issue, release, payment, or account event details could be delivered to a host outside the user's control if they follow the defaults.

Why it was flagged

The public setup directions route third-party GitHub and Stripe webhooks to a named Tailscale host that is not derived from the installing user's environment.

Skill content
Payload URL: `https://gregs-mac-mini.taila31444.ts.net/hooks?source=github-<repo>` ... Stripe ... Endpoint URL: `https://gregs-mac-mini.taila31444.ts.net/hooks?source=stripe-payments`
Recommendation

Only configure webhooks to a Funnel URL you control. Replace all default URLs before use and verify the destination host and hook receiver.

What this means

Spoofed webhook events could trigger local alerts, log entries, and handlers more easily, because the only check is a static header token that is itself published in the skill.

Why it was flagged

The instructions disable provider-specific webhook secret validation and rely on a static header token that is also embedded in the artifact.

Skill content
**Secret:** (leave blank - token is in header)
Recommendation

Require provider-native signature verification over the raw request body, such as GitHub's HMAC-SHA256 secret (X-Hub-Signature-256) or Stripe's signing secret (Stripe-Signature), compare signatures in constant time, and reject unsigned or invalid payloads.
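As an added example (not code from the ClawScan report or from the audited skill), the following Python shows what "provider-native signature verification" means for the two providers named in the setup directions: GitHub's X-Hub-Signature-256 header and Stripe's Stripe-Signature header, both checked over the raw body with a constant-time comparison, and Stripe's timestamp checked against a replay tolerance. The secrets, body and timestamps are constructed fixtures; the sign_* helpers exist only to build headers for the demo and would live on the provider's side in reality.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed sample values for the demo (not real secrets, not from the skill).
GITHUB_SECRET = b"github-webhook-secret-example"
STRIPE_SECRET = b"whsec_example_signing_secret"
SAMPLE_BODY = b'{"action":"opened","repository":{"full_name":"example/repo"}}'


def verify_github(secret: bytes, raw_body: bytes, signature_header: Optional[str]) -> bool:
    """GitHub sends X-Hub-Signature-256: "sha256=" + hex(HMAC-SHA256(secret, raw body)).
    Verify over the raw bytes: re-serialising parsed JSON changes the digest."""
    if not signature_header or not signature_header.startswith("sha256="):
        return False  # unsigned, or an algorithm we do not accept
    expected = "sha256=" + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature_header)  # constant-time compare


def verify_stripe(secret: bytes, raw_body: bytes, signature_header: Optional[str],
                  now: Optional[int] = None, tolerance: int = 300) -> bool:
    """Stripe sends Stripe-Signature: "t=<unix ts>,v1=<hex>[,v1=<hex>...]".
    The signed payload is "<t>.<raw body>"; a stale timestamp is rejected to limit replay."""
    if not signature_header:
        return False
    timestamp = None
    candidates = []
    for part in signature_header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t":
            timestamp = value
        elif key == "v1":
            candidates.append(value)
    if timestamp is None or not timestamp.isdigit() or not candidates:
        return False
    current = int(time.time()) if now is None else now
    if abs(current - int(timestamp)) > tolerance:
        return False  # outside the replay window
    expected = hmac.new(secret, timestamp.encode() + b"." + raw_body, hashlib.sha256).hexdigest()
    # More than one v1 entry can appear during secret rotation; accept if any matches.
    return any(hmac.compare_digest(expected, c) for c in candidates)


def sign_github(secret: bytes, raw_body: bytes) -> str:
    """Header a GitHub-side sender would attach (used here only to build fixtures)."""
    return "sha256=" + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def sign_stripe(secret: bytes, raw_body: bytes, timestamp: int) -> str:
    """Header a Stripe-side sender would attach for the given timestamp (fixture helper)."""
    digest = hmac.new(secret, str(timestamp).encode() + b"." + raw_body, hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={digest}"


if __name__ == "__main__":
    gh = sign_github(GITHUB_SECRET, SAMPLE_BODY)
    print("github valid:   ", verify_github(GITHUB_SECRET, SAMPLE_BODY, gh))
    print("github tampered:", verify_github(GITHUB_SECRET, SAMPLE_BODY + b" ", gh))
    ts = int(time.time())
    st = sign_stripe(STRIPE_SECRET, SAMPLE_BODY, ts)
    print("stripe valid:   ", verify_stripe(STRIPE_SECRET, SAMPLE_BODY, st, now=ts))
    print("stripe stale:   ", verify_stripe(STRIPE_SECRET, SAMPLE_BODY, st, now=ts + 600))
```

A static header token, as the skill uses, can be kept as a second factor for the /hooks route, but it must not replace these checks: the token is shared across every sender, while the provider secret binds each payload to the account that registered the endpoint.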

What this means

A crafted source value could select an unintended executable script if one exists near the handlers directory.

Why it was flagged

The source identifier is used directly to construct an executable handler path without visible normalization against slashes, dot-dot traversal, or a registration allowlist.

Skill content
if [[ -x "${HANDLERS_DIR}/${SOURCE}.sh" ]]; then
    HANDLER="${HANDLERS_DIR}/${SOURCE}.sh"
elif [[ -x "${HANDLERS_DIR}/${SOURCE_TYPE}.sh" ]]; then
...
RESULT=$("$HANDLER" "$PAYLOAD" "$SOURCE" "$EVENT_TYPE" 2>&1)
Recommendation

Restrict source IDs to a safe pattern, resolve handler paths with realpath, ensure they remain under the handlers directory, and route only to registered allowlisted handlers.
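The three controls in that recommendation (a safe identifier pattern, a realpath containment check, and a registration allowlist) are shown together below as an added Python example; it is not code from the skill or from ClawScan. It keeps the original script's precedence (a source-specific handler first, then the source-type handler) and its argument order when invoking the handler. The handlers directory and registry contents are constructed assumptions; a real router would load the registry from a config file it controls.

```python
import os
import re
import subprocess
from typing import FrozenSet, Optional

# Acceptable identifier shape: starts alphanumeric, then letters/digits/'-'/'_', at most 64 chars.
# No '/', '.' or whitespace, so "../x", "a/b" and "foo.sh" never reach the filesystem.
SAFE_ID = re.compile(r"[a-z0-9][a-z0-9_-]{0,63}")

# Constructed registry: the only handler names this router will ever execute.
REGISTERED_HANDLERS: FrozenSet[str] = frozenset(
    {"github", "github-myrepo", "stripe", "stripe-payments", "generic"}
)


def resolve_handler(handlers_dir: str, source: str, source_type: str,
                    registered: FrozenSet[str] = REGISTERED_HANDLERS) -> Optional[str]:
    """Return the absolute handler path for (source, source_type), or None.
    Same precedence as the original script, but each candidate must match SAFE_ID,
    be registered, and still resolve inside handlers_dir after realpath."""
    root = os.path.realpath(handlers_dir)
    for name in (source, source_type):
        if not SAFE_ID.fullmatch(name) or name not in registered:
            continue
        path = os.path.realpath(os.path.join(root, name + ".sh"))
        # Containment after symlink resolution: a handler that links outside the directory is refused.
        if os.path.dirname(path) != root:
            continue
        return path
    return None


def dispatch(handlers_dir: str, source: str, source_type: str,
             event_type: str, payload: str) -> Optional[str]:
    """Run the resolved handler with the original argument order (payload, source, event type).
    Returns combined stdout and stderr, or None if no safe, executable handler exists."""
    handler = resolve_handler(handlers_dir, source, source_type)
    if handler is None or not os.access(handler, os.X_OK):
        return None
    result = subprocess.run([handler, payload, source, event_type],
                            capture_output=True, text=True, check=False)
    return result.stdout + result.stderr


if __name__ == "__main__":
    hooks = "/srv/hooks/handlers"  # assumed location
    for src in ("github-myrepo", "github-other", "../../../bin/sh", "Stripe"):
        print(repr(src), "->", resolve_handler(hooks, src, "github"))
```

Rejecting unregistered names outright (rather than falling back to whatever file exists) is the property the original `-x` test lacks: an attacker who can place an executable near the handlers directory gains nothing unless that name is also in the registry.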

What this means

Sensitive webhook fields or attacker-controlled text could be retained in local notes or memory and later be read by a user or by an agent that treats stored memory as trusted.

Why it was flagged

The generic handler persists webhook payload content into a vault/memory store; this is purpose-aligned audit logging, but webhook bodies are untrusted and may contain sensitive data.

Skill content
--arg payload "$TRUNCATED_PAYLOAD" ... write_to_vault "$VAULT_PATH/$TIMESTAMP" "$VAULT_CONTENT" "webhook,generic,${SOURCE}"
Recommendation

Redact secrets and personal data before storage, set retention and size limits, and keep untrusted webhook logs separate from trusted agent memory.
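An added Python example (not the skill's handler and not from the ClawScan report) of what to do with a webhook body before anything is written: redact values under sensitive keys and email addresses inside strings, cap the stored size, keep only a hash of the raw body for later correlation, and tag the record for a separate untrusted webhook log rather than the agent's memory. The key list, the size limit and the Stripe-like sample event are constructed assumptions.

```python
import hashlib
import json
import re
from typing import Any, Dict

# Keys whose values are never stored, whatever they contain (constructed list; extend per provider).
SENSITIVE_KEY = re.compile(r"(token|secret|password|authorization|api[_-]?key|email|phone|card|iban|ssn)", re.I)
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(\.[\w-]+)+")
MAX_STORED_BYTES = 4096  # assumed size limit for the stored payload text

# Constructed sample: a Stripe-like event with personal data and a leaked key in metadata.
SAMPLE_EVENT = json.dumps({
    "type": "payment_intent.succeeded",
    "data": {"object": {
        "amount": 4200,
        "receipt_email": "alice@example.com",
        "description": "Order for alice@example.com",
        "payment_method_details": {"card": {"last4": "4242", "brand": "visa"}},
        "metadata": {"api_key": "sk_test_constructed_value", "order": "A-17"},
    }},
}).encode("utf-8")


def redact(value: Any) -> Any:
    """Recursively drop values under sensitive keys and mask email addresses inside strings."""
    if isinstance(value, dict):
        return {k: ("[REDACTED]" if SENSITIVE_KEY.search(str(k)) else redact(v))
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, str):
        return EMAIL.sub("[REDACTED-EMAIL]", value)
    return value


def prepare_record(raw_body: bytes, source: str, max_bytes: int = MAX_STORED_BYTES) -> Dict[str, Any]:
    """Build the record that may go to the untrusted webhook log (never to agent memory).
    The raw body itself is not kept; its hash lets an investigation match the record
    against the provider's own event log."""
    try:
        parsed = json.loads(raw_body)
    except ValueError:
        parsed = {"_unparsed": raw_body.decode("utf-8", "replace")}
    text = json.dumps(redact(parsed), sort_keys=True)
    truncated = len(text.encode("utf-8")) > max_bytes
    if truncated:
        text = text.encode("utf-8")[:max_bytes].decode("utf-8", "ignore")
    return {
        "source": source,
        "store": "webhook-log",   # separate store; nothing should merge it into trusted memory
        "untrusted": True,        # readers, human or agent, must treat the text as attacker-controlled
        "truncated": truncated,
        "raw_sha256": hashlib.sha256(raw_body).hexdigest(),
        "payload": text,
    }


if __name__ == "__main__":
    record = prepare_record(SAMPLE_EVENT, "stripe-payments")
    print(json.dumps(record, indent=2))
```

Redacting by key name catches fields a schema-aware filter would miss in a provider's nested objects, and the email regex catches personal data that leaks into free-text fields such as descriptions; neither is exhaustive, so the retention limit and the separate store remain the backstop.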