← Back to Skills Marketplace
canuto

Codehooks Backend

by Knut Martin Tornes · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
730
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install codehooks-backend
Description
Deploy serverless backends for REST APIs, webhooks, data storage, scheduled jobs, queue workers, and autonomous workflows.
README (SKILL.md)

Codehooks Backend Skill

Give your OpenClaw agent a serverless backend for REST APIs, webhooks, data storage, scheduled jobs, queue workers, and autonomous workflows.

Your agent can deploy code

With this skill, your agent can write JavaScript/TypeScript code and deploy it to a live serverless backend in 5 seconds. No human intervention required — the agent iterates autonomously.

Codehooks has a free tier to get started, and paid plans have no extra charges for traffic or API calls — let your agent deploy without worrying about usage costs.

⚠️ Warning: This gives your agent the ability to deploy and run code on a live server. Review your agent's actions, set appropriate permissions, and monitor usage. You are responsible for any code your agent deploys.

What this skill enables

  • REST APIs with automatic OpenAPI/Swagger documentation
  • Instant CRUD APIs using crudlify() with schema validation
  • Webhook endpoints that external services can call (Stripe, GitHub, Shopify, etc.)
  • Persistent storage beyond local memory (NoSQL + key-value)
  • Background jobs and scheduled tasks that run 24/7
  • Queue workers for async processing
  • Autonomous workflows with retries, branching, and state management

Setup

Human does once:

npm install -g codehooks
coho login
coho create openclaw-backend
coho add-admintoken

Give the admin token to your agent.

Agent uses:

export CODEHOOKS_ADMIN_TOKEN="your-token-here"
coho deploy --admintoken $CODEHOOKS_ADMIN_TOKEN

The agent can now deploy code, query data, and manage the backend.

Essential: Load the development context

Before building anything, run:

coho prompt

This outputs the complete Codehooks development prompt — routing, database, queues, jobs, workflows, and the full codehooks-js API. Copy it into your context to build any backend feature correctly.

macOS shortcut:

coho prompt | pbcopy

Understand existing projects

Before modifying an existing project, get the full picture:

# Returns JSON with collections, stats, recent deploys, and error logs
coho doctor

# Describe the app structure — collections, schemas, queues, files
coho describe

coho doctor is the most powerful diagnostic command — it returns structured JSON covering database collections with document counts, deployment history, queue and worker status, and recent error logs. Always run it when joining an existing project or debugging issues.

coho describe complements doctor by showing the structural overview: what collections exist, their schemas, registered queues, and deployed files.

Commands your agent can use

All commands accept --admintoken $CODEHOOKS_ADMIN_TOKEN for non-interactive use. Full CLI reference: https://codehooks.io/docs/cli

Command What it does
coho prompt Get the full development context
coho doctor Diagnose project state — collections, stats, deploys, error logs
coho describe Describe app structure — collections, schemas, queues, files
coho deploy Deploy code (5 seconds to live)
coho info --examples Get endpoint URLs with cURL examples
coho log -f Stream logs in real-time
coho query -c \x3Ccollection> -q 'field=value' Query the database
coho queue-status Check queue status
coho workflow-status Check workflow status
coho import -c \x3Ccollection> --file data.json Import data
coho export -c \x3Ccollection> Export data

Code examples

Instant CRUD API with validation

import { app } from 'codehooks-js';
import * as Yup from 'yup';

const productSchema = Yup.object({
  name: Yup.string().required(),
  price: Yup.number().positive().required(),
  category: Yup.string().required()
});

// Creates GET, POST, PUT, DELETE endpoints automatically
// OpenAPI docs available at /.well-known/openapi
app.crudlify({ product: productSchema });

export default app.init();

Webhook that stores incoming data

import { app, Datastore } from 'codehooks-js';

// Allow webhook endpoint without JWT authentication
app.auth('/webhook', (req, res, next) => {
  next();
});

app.post('/webhook', async (req, res) => {
  const conn = await Datastore.open();
  await conn.insertOne('events', {
    ...req.body,
    receivedAt: new Date().toISOString()
  });
  res.json({ ok: true });
});

export default app.init();

Scheduled job (runs daily at 9am)

import { app, Datastore } from 'codehooks-js';

app.job('0 9 * * *', async (_, { jobId }) => {
  console.log(`Running job: ${jobId}`);
  const conn = await Datastore.open();
  const events = await conn.getMany('events', {}).toArray();
  console.log('Daily summary:', events.length, 'events');
});

export default app.init();

Queue worker for async processing

import { app, Datastore } from 'codehooks-js';

app.worker('processTask', async (req, res) => {
  const { task } = req.body.payload;
  const conn = await Datastore.open();
  await conn.updateOne('tasks', { _id: task.id }, { $set: { status: 'completed' } });
  res.end();
});

export default app.init();

Autonomous workflow (multi-step with retries)

import { app } from 'codehooks-js';

const workflow = app.createWorkflow('myTask', 'Process tasks autonomously', {
  begin: async function (state, goto) {
    console.log('Starting task:', state.taskId);
    goto('process', state);
  },
  process: async function (state, goto) {
    // Do work here - workflow handles retries and state
    state = { ...state, result: 'processed' };
    goto('complete', state);
  },
  complete: function (state, goto) {
    console.log('Done:', state.result);
    goto(null, state); // End workflow
  }
});

// Agent starts workflow via API
app.post('/start', async (req, res) => {
  const result = await workflow.start(req.body);
  res.json(result);
});

export default app.init();

Important patterns

  • getMany() returns a stream — use .toArray() when you need to manipulate data (sort, filter, map)
  • Webhook signatures: Use req.rawBody for signature verification, not req.body
  • No filesystem access: fs, path, os are not available — this is a serverless environment
  • Secrets: Use process.env.VARIABLE_NAME for API keys and secrets
  • Static files: app.static({ route: '/app', directory: '/public' }) serves static sites from deployed source
  • File storage: app.storage({ route: '/docs', directory: '/uploads' }) serves uploaded files

Development workflow: Let your agent build new endpoints

  1. Agent runs coho prompt and loads the development context
  2. For existing projects, agent runs coho doctor and coho describe to understand what's deployed
  3. Agent writes code using codehooks-js patterns
  4. Agent runs coho deploy (5 seconds to live)
  5. Agent verifies with coho log -f or tests endpoints with coho info --examples
  6. Agent iterates — the fast deploy loop enables rapid development

When to use this skill

  • You need a reliable webhook URL for Stripe, GitHub, Shopify, etc.
  • You want persistent storage outside your local machine
  • You need scheduled jobs that run even when your device is off
  • You want to offload sensitive API integrations to a sandboxed environment
  • You need queues for async processing
  • You want autonomous multi-step workflows that run independently with retries

Resources

Usage Guidance
This skill is coherent with its stated purpose but is high-risk in practice. If you install it: 1) Do NOT hand your production CODEHOOKS_ADMIN_TOKEN to an agent unless you understand and accept full control of the backend. Prefer creating a scoped token with least privilege for specific tasks or a sandbox project. 2) Be cautious with `coho prompt` and `coho doctor` — they return full project context, DB collection counts, deploy history and logs; avoid copying secrets or sensitive data into agent context. 3) The examples reference other environment secrets (e.g., STRIPE_WEBHOOK_SECRET) that the skill does not declare — ensure you do not expose those unnecessarily. 4) Monitor deployments and logs, rotate tokens if you suspect exposure, and require human approval for any deploy step if possible. 5) If you need only read-only diagnostics or limited deploys, ask for a reduced-scope workflow or a less-privileged token before giving the agent access.
Capability Analysis
Type: OpenClaw Skill Name: codehooks-backend Version: 1.0.0 This skill is classified as suspicious due to the significant power it grants to the OpenClaw agent, including the ability to deploy arbitrary code to a live server and make outbound network calls to agent-defined URLs. While the skill explicitly warns the user about these capabilities in SKILL.md and README.md, and the code examples (e.g., examples/workflow-automation.js with its `callbackUrl`) are presented as legitimate features for agent notification, these are high-risk behaviors that could be leveraged for malicious purposes if the agent itself is compromised or instructed maliciously. The core functionality of `coho deploy` effectively allows for remote code execution (RCE) on the Codehooks platform, controlled by the agent.
Capability Assessment
Purpose & Capability
Name/description align with the required CLI binary (coho) and an admin token for deploying and managing backends — those credentials and tools are expected for the stated purpose.
Instruction Scope
SKILL.md tells the agent to run `coho prompt`, `coho doctor`, `coho describe`, and `coho log -f`. `coho prompt` and `coho doctor` are explicitly described as returning full development context, collections, deployment history, and recent error logs — all of which may include sensitive data. The instructions also instruct you to give the admin token to the agent and to copy the full prompt into the agent context, which greatly increases the chance of leaking secrets or database content.
Install Mechanism
This is an instruction-only skill with no install spec. No archives or external installers are pulled — the only dependency is the external `coho` CLI which must already be present. Low risk from install mechanism itself.
Credentials
The skill declares one required env var: CODEHOOKS_ADMIN_TOKEN — sensible for admin operations. However, example code references other env vars (e.g., STRIPE_WEBHOOK_SECRET) that are not listed in requires.env. More importantly, giving an agent the admin token grants full management access (deployments, DB queries, logs) which is high privilege; this is likely more access than many users realize or need.
Persistence & Privilege
always:false and default autonomous invocation are set (normal). However, when combined with an admin token and instructions that let the agent deploy code and create webhook callbacks, autonomous operation increases blast radius: the agent could deploy code that exfiltrates data or reaches out to external endpoints. This is a risk only when you actually provide the admin token and enable autonomous actions.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install codehooks-backend
  3. After installation, invoke the skill by name or use /codehooks-backend
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the Codehooks Backend Skill. - Enables agents to deploy serverless backends for REST APIs, webhooks, data storage, jobs, queue workers, and workflows. - Provides detailed setup instructions, security notes, and essential usage patterns. - Includes code examples for CRUD APIs, webhooks, scheduled jobs, queue workers, and workflows. - Documents recommended CLI commands for diagnostics, deployment, querying, and monitoring. - Lists development workflow and best practices for agent-driven backend automation.
Metadata
Slug codehooks-backend
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Codehooks Backend?

Deploy serverless backends for REST APIs, webhooks, data storage, scheduled jobs, queue workers, and autonomous workflows. It is an AI Agent Skill for Claude Code / OpenClaw, with 730 downloads so far.

How do I install Codehooks Backend?

Run "/install codehooks-backend" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Codehooks Backend free?

Yes, Codehooks Backend is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Codehooks Backend support?

Codehooks Backend is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Codehooks Backend?

It is built and maintained by Knut Martin Tornes (@canuto); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments