← Back to Skills Marketplace
Webhook Debugger
by
chenxuyaun
· GitHub ↗
· v1.0.0
· MIT-0
409
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install webhook-debugger
Description
Test, debug, and inspect webhooks locally. Receive webhooks, inspect payloads, debug integrations, and replay requests. Essential for API development and thi...
Usage Guidance
This skill looks like a straightforward webhook-debugging instructions sheet, but there are a few red flags you should address before relying on it: (1) SKILL.md expects a 'webhook' CLI but the skill doesn't declare or install that binary — verify which implementation is intended and only install it from a trusted source (official repo or package manager). (2) The included _meta.json metadata (owner/version) doesn't match the registry metadata — ask the publisher for canonical source code or homepage to verify provenance. (3) Replay/forward features will send received webhook payloads to arbitrary URLs; treat incoming webhooks as potentially sensitive and avoid forwarding them to unknown endpoints. (4) Ask where request history is stored and how long it is retained; inspect that storage location and secure it if it contains PII or secrets. If you can't confirm the CLI source or the publisher, prefer a known tool (official packages like ngrok/tunneling tools or well-known webhook debuggers) or ask the skill author to add an install section and authoritative repository links.
Capability Analysis
Type: OpenClaw Skill
Name: webhook-debugger
Version: 1.0.0
The skill bundle contains only metadata and documentation (SKILL.md) for a webhook debugging utility. The described functionality, including listening for local webhooks, inspecting payloads, and replaying requests, is consistent with standard developer tools and lacks any indicators of malicious intent, data exfiltration, or prompt injection.
Capability Assessment
Purpose & Capability
Name/description align with the SKILL.md: it describes receiving, inspecting, replaying, and forwarding webhooks. However, the instructions rely on an external 'webhook' CLI tool while requires.bins is empty and there is no install spec — that's an incoherence (the skill implicitly requires software that it doesn't declare or provide). Also _meta.json contains different owner/version metadata than the registry metadata, which is a provenance mismatch.
Instruction Scope
The SKILL.md stays on task: starting a listener, showing history, replaying and forwarding requests. It does not instruct reading unrelated files or environment variables. But replay/forward commands explicitly send received payloads to arbitrary URLs — a legitimate feature for debugging, but also a capability that can exfiltrate sensitive webhook data if misused or if the CLI comes from an untrusted source. The SKILL.md also omits where history is stored (path/retention), which is important for privacy.
Install Mechanism
No install spec is provided (instruction-only), which is low risk by itself. The concern is that SKILL.md assumes a preinstalled 'webhook' binary but does not declare it in requires.bins or give installation guidance or a trusted source (e.g., official repo or package). That leaves users unclear about what to install and from where, increasing risk if they download an unknown binary.
Credentials
The skill declares no required environment variables, no credentials, and the instructions do not reference any secrets or external credential stores. This is proportionate to a local webhook-debugging tool. However, because forwarded/replayed requests can include sensitive payloads, the lack of guidance about redaction or credential handling is a usability/security omission (not necessarily malicious).
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. It does state 'History stored locally' but gives no path or mechanism; this is not necessarily a privilege escalation but users should know where history is kept and for how long.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install webhook-debugger - After installation, invoke the skill by name or use
/webhook-debugger - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of webhook-debugger.
- Receive and inspect webhooks locally.
- View request headers, payloads, and query parameters.
- Replay requests to any URL for debugging.
- Maintain local history of received requests.
- Verify request signatures and forward webhooks to other URLs.
- Supports JSON, form-data, and plain text payloads.
Metadata
Frequently Asked Questions
What is Webhook Debugger?
Test, debug, and inspect webhooks locally. Receive webhooks, inspect payloads, debug integrations, and replay requests. Essential for API development and thi... It is an AI Agent Skill for Claude Code / OpenClaw, with 409 downloads so far.
How do I install Webhook Debugger?
Run "/install webhook-debugger" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Webhook Debugger free?
Yes, Webhook Debugger is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Webhook Debugger support?
Webhook Debugger is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Webhook Debugger?
It is built and maintained by chenxuyaun (@chenxuyaun); the current version is v1.0.0.
More Skills