← 返回 Skills 市场
fuzzyb33s

webhook-automation

作者 Fuzzyb33s · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ 安全检测通过
80
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install webhook-automation
功能描述
Event-driven webhook workflows with HMAC verification, retry logic, and multi-provider patterns. Use when: (1) receiving webhooks from GitHub, Stripe, Slack,...
安全使用建议
This skill is internally coherent and implements what it claims, but before using it in production you should: (1) ensure you set a strong WEBHOOK_SECRET (do not leave it empty) and store it with restrictive file permissions; (2) update verify_signature to require a secret and fail closed (do not accept requests when no secret is configured); (3) adapt verification to each provider (Slack uses a timestamp + v0= HMAC scheme, GitHub expects sha256=...), and validate timestamps where applicable to prevent replay attacks; (4) avoid logging full payloads (logs can leak secrets or PII) or sanitize sensitive fields; (5) run the server behind TLS/HTTPS and/or a reverse proxy, bind to a restricted interface if you don't want public exposure, and use firewall rules; (6) populate the ROUTES mapping and add robust error handling and retry/backoff logic if you need guaranteed delivery; and (7) consider running this code in an isolated environment (container) and performing a code review before exposing it to public webhook traffic.
功能分析
Type: OpenClaw Skill Name: webhook-automation Version: 1.0.0 The skill bundle provides a legitimate and well-documented framework for building webhook servers with security features like HMAC signature verification for GitHub, Stripe, and Slack. The Python scripts (webhook_server.py and handlers.py) follow standard practices for event routing and payload parsing, and the documentation in skill.md focuses on educational implementation rather than malicious exploitation. No evidence of data exfiltration, unauthorized remote execution, or harmful prompt injection was found.
能力标签
cryptocan-make-purchases
能力评估
Purpose & Capability
Name/description (webhook verification, routing, retries) align with the included code. The repository contains a minimal HTTP webhook server and handler stubs, and the code only touches a secret file or WEBHOOK_SECRET env var — all are coherent with the stated purpose.
Instruction Scope
SKILL.md and the Python code stay within webhook-handling scope (read request body, verify HMAC, parse JSON, route to handlers). However, the verification function returns True when no secret is configured (insecure default), handlers log payload content (handle_default logs the first 200 chars), the Slack signature handling is oversimplified (Slack uses a timestamped scheme), and the server binds to 0.0.0.0:8443 by default which exposes it to the network. These are functional/security caveats rather than indicators of misdirection.
Install Mechanism
No install spec or external downloads. This is instruction-only with included Python scripts, so nothing is fetched or executed from third-party URLs during install.
Credentials
The code uses a single secret (config/webhook_secret.txt or the WEBHOOK_SECRET env var) which is appropriate for HMAC verification. No unrelated credentials or configuration paths are requested.
Persistence & Privilege
Skill does not request always: true, does not modify other skills or global agent settings, and does not attempt to install persistent agents. It simply runs a server when executed.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install webhook-automation
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /webhook-automation 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of webhook-automation skill. - Provides a Python-based webhook server with HMAC signature verification to ensure request authenticity. - Supports routing of incoming webhook events to custom handler functions based on event type. - Includes built-in retry logic for failed deliveries with exponential backoff. - Protects against spoofed requests by validating provider signatures (e.g., GitHub, Stripe, Slack). - Allows easy creation and extension of handlers for multiple providers and event types.
元数据
Slug webhook-automation
版本 1.0.0
许可证 MIT-0
累计安装 2
当前安装数 2
历史版本数 1
常见问题

webhook-automation 是什么?

Event-driven webhook workflows with HMAC verification, retry logic, and multi-provider patterns. Use when: (1) receiving webhooks from GitHub, Stripe, Slack,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 80 次。

如何安装 webhook-automation?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install webhook-automation」即可一键安装,无需额外配置。

webhook-automation 是免费的吗?

是的,webhook-automation 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

webhook-automation 支持哪些平台?

webhook-automation 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 webhook-automation?

由 Fuzzyb33s(@fuzzyb33s)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论