Description

Test webhooks and expose local services using HookCatch - a developer-friendly webhook testing tool

README (SKILL.md)

\r \r

HookCatch - Webhook Testing & Tunneling for OpenClaw\r

Name: HookCatch
Author: hookcatch

\r HookCatch is a webhook testing and localhost tunneling tool that lets you:\r

Create webhook bins to capture and inspect HTTP requests\r
Tunnel your localhost to test webhooks locally\r
Manage bins and view captured requests programmatically\r \r Perfect for testing webhook integrations (Stripe, Twilio, GitHub, etc.) from your OpenClaw skills.\r \r

Quick Start\r

\r

Authenticate with HookCatch:\r

hookcatch login\r
# Or use API token (recommended for automation):\r
hookcatch token generate\r
export HOOKCATCH_API_KEY="hc_live_..."\r
```\r

\r 2. Create a webhook bin:\r

hookcatch bin create --name "Test Stripe Webhooks"\r
# Returns: https://hookcatch.dev/b/abc123xyz\r
```\r
\r
\r
3. **View created bins:**\r
```bash\r
hookcatch bin list\r
```\r
\r
\r
4. **View captured requests:**\r
```bash\r
hookcatch bin requests abc123xyz --format json\r
```\r
OR\r
\r
```bash\r
hookcatch bin requests --binId abc123xyz --format json\r
```\r
\r
\r
## Available Commands\r
\r
### Bin Management\r
\r
**Create a new webhook bin:**\r
```bash\r
hookcatch bin create [--name "My Bin"] [--private] [--password "secret"] [--format json]\r
```\r
Options:\r
- `--name`: Optional bin name for organization\r
- `--private`: Create private bin (PLUS+ tier required)\r
- `--password`: Set password for private bin (min 4 chars)\r
- `--format`: Output format (`json` recommended for automation)\r
\r
Returns: Bin ID, webhook URL, and view URL\r
\r
**List your bins:**\r
```bash\r
hookcatch bin list [--format json]\r
```\r
Shows all your bins with request counts and status.\r
\r
**Get requests for a bin:**\r
```bash\r
hookcatch bin requests \x3CbinId> [--limit 50] [--format json|table] [--method GET] [--password "secret"]\r
```\r
Options:\r
- `--limit`: Number of requests to fetch (default: 50)\r
- `--format`: Output format - `json` for scripts, `table` for viewing\r
- `--method`: Filter by HTTP method (GET, POST, etc.)\r
- `--password`: Password for private bins (if required; owners can use their auth token)\r
\r
**Show a single request:**\r
```bash\r
hookcatch request \x3CrequestId> \x3CbinId> [--format json|pretty] [--password "secret"]\r
```\r
\r
**Delete a bin:**\r
```bash\r
hookcatch bin delete \x3CbinId> --yes\r
```\r
\r
**Update a bin:**\r
```bash\r
hookcatch bin update \x3CbinId> --name "New Name"\r
hookcatch bin update \x3CbinId> --private --password "secret123"\r
hookcatch bin update \x3CbinId> --public\r
```\r
\r
**Show a single request:**\r
```bash\r
hookcatch request \x3CrequestId> \x3CbinId> [--format json|pretty]\r
```\r
\r
**Replay a request to a new URL:**\r
```bash\r
hookcatch replay \x3CbinId> \x3CrequestId> \x3Curl>\r
hookcatch replay --binId \x3CbinId> --requestId \x3CrequestId> --url \x3Curl>\r
```\r
\r
### Localhost Tunneling\r
\r
**Expose your localhost:**\r
```bash\r
hookcatch tunnel 3000\r
# Creates: https://hookcatch.dev/tunnel/xyz789\r
```\r
\r
**List active tunnels:**\r
```bash\r
hookcatch tunnel list\r
```\r
\r
**Stop a tunnel:**\r
```bash\r
hookcatch stop \x3CtunnelId>\r
```\r
\r
Forward incoming requests from the public URL to your local port 3000.\r
\r
**Tunnel limits:**\r
- FREE: 5 min/session, 3 sessions/day\r
- PLUS: 1h/session, unlimited\r
- PRO/ENTERPRISE: Unlimited\r
\r
### API Token Management\r
\r
**Generate long-lived API token:**\r
```bash\r
hookcatch token generate\r
# Store the token for automation\r
export HOOKCATCH_API_KEY="hc_live_..."\r
```\r
\r
**Check token status:**\r
```bash\r
hookcatch token status\r
```\r
\r
**Revoke token:**\r
```bash\r
hookcatch token revoke --yes\r
```\r
\r
**Account status:**\r
```bash\r
hookcatch status\r
hookcatch whoami\r
```\r
\r
## Usage Examples for OpenClaw Skills\r
\r
### Example 1: Test Stripe Webhooks\r
\r
```bash\r
# Create a bin for Stripe\r
BIN_URL=$(hookcatch bin create --name "Stripe Test" --format json | jq -r '.url')\r
\r
# Use this URL in Stripe dashboard as webhook endpoint\r
echo "Configure Stripe webhooks to: $BIN_URL"\r
\r
# Wait for webhooks...\r
sleep 10\r
\r
# Fetch and analyze captured webhooks\r
hookcatch bin requests abc123xyz --format json | jq '.[] | {event: .body.type, amount: .body.data.object.amount}'\r
```\r
\r
### Example 2: Test Local API\r
\r
```bash\r
# Start your local API on port 8000\r
# python -m http.server 8000 &\r
\r
# Expose it via tunnel\r
hookcatch tunnel 8000 --password \x3Cpassword>\r
\r
# Now external services can reach your local API via:\r
# https://hookcatch.dev/tunnel/xyz789\r
```\r
\r
### Example 3: Debug GitHub Webhooks\r
\r
```bash\r
# Create bin\r
hookcatch bin create --name "GitHub Webhooks"\r
\r
# In GitHub repo settings, add webhook URL\r
# Trigger events (push, PR, etc.)\r
\r
# View requests\r
hookcatch bin requests abc123xyz --method POST --limit 10\r
```\r
\r
## Integration with OpenClaw Skills\r
\r
When building OpenClaw skills that need to test webhooks:\r
\r
```javascript\r
// In your skill script\r
import { exec } from 'child_process';\r
import { promisify } from 'util';\r
\r
const execAsync = promisify(exec);\r
\r
// Create a bin\r
const { stdout } = await execAsync('hookcatch bin create --format json');\r
const { binId, url } = JSON.parse(stdout);\r
\r
// Use the webhook URL in your integration\r
console.log(`Webhook URL: ${url}`);\r
\r
// Later, fetch requests\r
const { stdout: requests } = await execAsync(\r
`hookcatch bin requests ${binId} --format json`\r
);\r
const captured = JSON.parse(requests);\r
\r
// Process captured webhooks\r
for (const req of captured) {\r
console.log(`${req.method} ${req.path}: ${JSON.stringify(req.body)}`);\r
}\r
```\r
\r
## Environment Variables\r
\r
- `HOOKCATCH_API_KEY` - API token for authentication (recommended for automation)\r
- `HOOKCATCH_API_URL` - Override API URL (default: https://api.hookcatch.dev)\r
\r
\r
## Benefits for OpenClaw Users\r
\r
- **No more ngrok setup**: Use HookCatch tunnels for quick local testing\r
- **Webhook inspection**: See exactly what Stripe/Twilio/etc. is sending\r
- **Automation-friendly**: JSON output for easy parsing in skills\r
- **Private bins**: Keep your test data secure with password protection\r
- **Fast & simple**: One command to create bins or tunnels\r
\r
## Getting Help\r
\r
- Documentation: https://docs.hookcatch.dev\r
- Discord: Join #hookcatch in OpenClaw Discord\r
- GitHub: https://github.com/hookcatch/cli\r
- Email: [email protected]\r
\r
## Tips\r
\r
1. **Use API tokens for skills**: Generate a token once and use it in `HOOKCATCH_API_KEY`\r
2. **JSON format for automation**: Always use `--format json` when parsing in scripts\r
3. **Private bins for sensitive data**: Use `--private` for production webhook testing\r
4. **Clean up after testing**: Delete bins with `hookcatch bin delete` to stay within limits\r
\r
---\r
\r
**Built for OpenClaw by the HookCatch team** 🪝\r

Usage Guidance

This skill is a thin, well-documented wrapper around the HookCatch CLI and appears to do what it claims. Before installing: 1) Confirm you trust the upstream 'hookcatch' CLI package (review the npm package and linked GitHub repo or docs) because the wrapper simply invokes that binary. 2) Protect your HOOKCATCH_API_KEY — do not paste it into public places. The README suggests storing it in ~/.openclaw/openclaw.json; if you do so, ensure that file's permissions and storage are appropriate. 3) Be cautious when using tunnels or replay functionality: exposing a local port publicly or replaying captured requests to arbitrary endpoints can leak sensitive data (webhook payloads often contain secrets). Use private bins, passwords, and short-lived tokens where possible, and rotate/revoke tokens if you suspect misuse. 4) The wrapper forces JSON output for some commands and maps env vars; this is benign but means any automation parsing output should expect that format. If you need higher assurance, inspect the hookcatch CLI code/repository before installing and avoid installing global packages from unknown sources.

Capability Analysis

Type: OpenClaw Skill Name: hookcatch Version: 1.0.1 The OpenClaw skill for HookCatch is a transparent wrapper for a legitimate webhook testing and localhost tunneling CLI tool. All code and documentation are aligned with its stated purpose, providing clear instructions and examples for using the `hookcatch` binary. The `bin/hookcatch-skill.js` wrapper enhances AI interaction by forcing JSON output and handling API key mapping, without introducing any malicious logic or attempting data exfiltration. While localhost tunneling (a core feature of HookCatch) is a powerful capability that could be misused, the skill itself does not instruct or facilitate such misuse, and there is no evidence of prompt injection or other intentional harmful behavior.

Capability Assessment

✓ Purpose & Capability

Name/description match required artifacts: the skill requires the 'hookcatch' CLI and HOOKCATCH_API_KEY, which are appropriate for a webhook testing / tunneling tool. The wrapper's behavior (mapping HOOKCATCH_API_KEY → HOOKCATCH_TOKEN and forcing JSON output) is consistent with its stated goal of making the CLI AI-friendly.

✓ Instruction Scope

SKILL.md and wrapper instruct the agent to run the hookcatch CLI and to store/ use an API token. The instructions do not read unrelated system files or request other environment variables. Example code uses child_process.exec/spawn to call the CLI — expected for a CLI wrapper. It does recommend placing a token in ~/.openclaw/openclaw.json (user config) which is normal but worth noting because that file will contain the token the skill uses.

ℹ Install Mechanism

Install spec uses npm to provide the 'hookcatch' CLI (a standard package manager). The skill includes an optional wrapper package.json (which lists hookcatch as a peerDependency) and a postinstall chmod step for the wrapper. Minor inconsistency: package.json marks hookcatch as a peerDependency rather than bundling it, but the SKILL.md/install metadata lists installing 'hookcatch' via npm — this is a documentation/packaging detail rather than a security problem. No arbitrary URL downloads or extraction from untrusted hosts were found.

✓ Credentials

Only HOOKCATCH_API_KEY (primaryEnv) is required; the wrapper also accepts HOOKCATCH_TOKEN for compatibility. No unrelated secrets or high-privilege credentials are requested. Environment usage seen in code is limited to mapping the API key/token to the CLI environment.

✓ Persistence & Privilege

The skill is not forced always-on (always:false) and does not request elevated privileges or modify other skills' configs. It only advises the user to add an API key to their OpenClaw config for convenience, which is a normal installation-time action.

Version History

v1.0.1

- Initial release of the hookcatch skill. - Added main entry point (bin/hookcatch-skill.js). - Included sample package.json for npm configuration. - Added STRUCTURE.md and test.sh for documentation and testing.

v1.0.0

Initial release of hookcatch skill for OpenClaw. - Test incoming webhooks and inspect requests using HookCatch webhook bins. - Instantly create, manage, and inspect webhook bins and captured requests via CLI. - Expose local services with secure, developer-friendly localhost tunnels—no ngrok required. - Automate all operations using API tokens, ideal for scripting and OpenClaw skill integration. - Supports private bins, JSON output for automation, and replay of captured requests. - Full documentation and community support included.

Metadata

Slug hookcatch

Version 1.0.1

License —

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is HookCatch?

Test webhooks and expose local services using HookCatch - a developer-friendly webhook testing tool. It is an AI Agent Skill for Claude Code / OpenClaw, with 626 downloads so far.

How do I install HookCatch?

Run "/install hookcatch" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is HookCatch free?

Yes, HookCatch is completely free (open-source). You can download, install and use it at no cost.

Which platforms does HookCatch support?

HookCatch is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created HookCatch?

It is built and maintained by HookCatch (@hookcatch); the current version is v1.0.1.

More Skills

HookCatch