← Back to Skills Marketplace
3510
Downloads
4
Stars
26
Active Installs
1
Versions
Install in OpenClaw
/install webhook
Description
Implement secure webhook receivers and senders with proper verification and reliability.
Usage Guidance
This skill is a set of developer best practices — it itself does nothing and doesn't ask for credentials or install code. It's safe to read and use as guidance. If you implement these recommendations in your code, be careful to: (1) store webhook secrets and processed-event IDs securely (e.g., protected DB/Redis), (2) redact sensitive fields before logging, (3) limit log retention and access, and (4) validate any third-party IP allowlist/rotation flows before trusting them. Because the skill is instruction-only, there is low inherent risk; review any code you write based on these instructions for secure handling of secrets and logs.
Capability Analysis
Type: OpenClaw Skill
Name: webhook
Version: 1.0.0
The skill bundle contains a `_meta.json` file with standard metadata and a `SKILL.md` file that provides comprehensive best practices for implementing secure webhooks. The `SKILL.md` content is purely informational and instructional regarding webhook security, without any executable commands, prompt injection attempts, or instructions that would lead an AI agent to perform malicious or unauthorized actions. No high-risk behaviors or indicators of compromise were found.
Capability Assessment
Purpose & Capability
Name/description match the SKILL.md content: the document contains best-practice guidance for receiving, verifying, deduplicating, and sending webhooks. No unrelated environment variables, binaries, or install steps are requested.
Instruction Scope
Instructions stay within webhook design and operational concerns (signature verification, replay prevention, idempotency, retries, logging). They recommend storing event IDs, logging payloads, and using databases/Redis — this is appropriate for the stated purpose, but implementers must ensure logs and stored payloads are redacted/secured as the doc itself notes.
Install Mechanism
No install spec or code files are present (instruction-only). This is the lowest-risk approach — nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The guidance mentions secrets and databases as expected implementation details but does not request access to any credentials, which is proportionate.
Persistence & Privilege
always:false and normal model invocation are used. The skill does not request persistent system presence or modify other skills or system settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install webhook - After installation, invoke the skill by name or use
/webhook - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Webhook?
Implement secure webhook receivers and senders with proper verification and reliability. It is an AI Agent Skill for Claude Code / OpenClaw, with 3510 downloads so far.
How do I install Webhook?
Run "/install webhook" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Webhook free?
Yes, Webhook is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Webhook support?
Webhook is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).
Who created Webhook?
It is built and maintained by Iván (@ivangdavila); the current version is v1.0.0.
More Skills