← 返回 Skills 市场
Webhook Debugger
作者
chenxuyaun
· GitHub ↗
· v1.0.0
· MIT-0
409
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install webhook-debugger
功能描述
Test, debug, and inspect webhooks locally. Receive webhooks, inspect payloads, debug integrations, and replay requests. Essential for API development and thi...
安全使用建议
This skill looks like a straightforward webhook-debugging instructions sheet, but there are a few red flags you should address before relying on it: (1) SKILL.md expects a 'webhook' CLI but the skill doesn't declare or install that binary — verify which implementation is intended and only install it from a trusted source (official repo or package manager). (2) The included _meta.json metadata (owner/version) doesn't match the registry metadata — ask the publisher for canonical source code or homepage to verify provenance. (3) Replay/forward features will send received webhook payloads to arbitrary URLs; treat incoming webhooks as potentially sensitive and avoid forwarding them to unknown endpoints. (4) Ask where request history is stored and how long it is retained; inspect that storage location and secure it if it contains PII or secrets. If you can't confirm the CLI source or the publisher, prefer a known tool (official packages like ngrok/tunneling tools or well-known webhook debuggers) or ask the skill author to add an install section and authoritative repository links.
功能分析
Type: OpenClaw Skill
Name: webhook-debugger
Version: 1.0.0
The skill bundle contains only metadata and documentation (SKILL.md) for a webhook debugging utility. The described functionality, including listening for local webhooks, inspecting payloads, and replaying requests, is consistent with standard developer tools and lacks any indicators of malicious intent, data exfiltration, or prompt injection.
能力评估
Purpose & Capability
Name/description align with the SKILL.md: it describes receiving, inspecting, replaying, and forwarding webhooks. However, the instructions rely on an external 'webhook' CLI tool while requires.bins is empty and there is no install spec — that's an incoherence (the skill implicitly requires software that it doesn't declare or provide). Also _meta.json contains different owner/version metadata than the registry metadata, which is a provenance mismatch.
Instruction Scope
The SKILL.md stays on task: starting a listener, showing history, replaying and forwarding requests. It does not instruct reading unrelated files or environment variables. But replay/forward commands explicitly send received payloads to arbitrary URLs — a legitimate feature for debugging, but also a capability that can exfiltrate sensitive webhook data if misused or if the CLI comes from an untrusted source. The SKILL.md also omits where history is stored (path/retention), which is important for privacy.
Install Mechanism
No install spec is provided (instruction-only), which is low risk by itself. The concern is that SKILL.md assumes a preinstalled 'webhook' binary but does not declare it in requires.bins or give installation guidance or a trusted source (e.g., official repo or package). That leaves users unclear about what to install and from where, increasing risk if they download an unknown binary.
Credentials
The skill declares no required environment variables, no credentials, and the instructions do not reference any secrets or external credential stores. This is proportionate to a local webhook-debugging tool. However, because forwarded/replayed requests can include sensitive payloads, the lack of guidance about redaction or credential handling is a usability/security omission (not necessarily malicious).
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. It does state 'History stored locally' but gives no path or mechanism; this is not necessarily a privilege escalation but users should know where history is kept and for how long.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install webhook-debugger - 安装完成后,直接呼叫该 Skill 的名称或使用
/webhook-debugger触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of webhook-debugger.
- Receive and inspect webhooks locally.
- View request headers, payloads, and query parameters.
- Replay requests to any URL for debugging.
- Maintain local history of received requests.
- Verify request signatures and forward webhooks to other URLs.
- Supports JSON, form-data, and plain text payloads.
元数据
常见问题
Webhook Debugger 是什么?
Test, debug, and inspect webhooks locally. Receive webhooks, inspect payloads, debug integrations, and replay requests. Essential for API development and thi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 409 次。
如何安装 Webhook Debugger?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install webhook-debugger」即可一键安装,无需额外配置。
Webhook Debugger 是免费的吗?
是的,Webhook Debugger 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Webhook Debugger 支持哪些平台?
Webhook Debugger 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Webhook Debugger?
由 chenxuyaun(@chenxuyaun)开发并维护,当前版本 v1.0.0。
推荐 Skills