Webhook Router

This skill is classified as suspicious due to multiple critical vulnerabilities related to insecure handling of untrusted input. The `register.sh` script is vulnerable to shell injection via `sed` when creating handler templates, potentially allowing arbitrary file modification or command execution if an attacker controls the `source-type` argument. Furthermore, all handler scripts (`handlers/custom.sh`, `handlers/generic.sh`, `handlers/github.sh`) pass unsanitized data derived from untrusted webhook payloads directly to `message send` and `vault write` commands. Given that OpenClaw instructions are executed by an AI agent, this presents a direct prompt injection vulnerability against the agent, allowing an attacker to inject arbitrary instructions or commands via crafted webhook payloads. A hardcoded `X-Hook-Token` in `SKILL.md` and `register.sh` is also a minor security flaw.