← 返回 Skills 市场

Webhook Robot

Name: Webhook Robot
Author: takedwind

作者 takedwind · GitHub ↗ · v1.1.0

cross-platform ⚠ suspicious

1081

总下载

当前安装

版本数

在 OpenClaw 中安装

/install webhook-robot

功能描述

Send messages to various webhook-based bots (WeCom, DingTalk, Feishu, etc.).

安全使用建议

This skill appears to do what it says (send webhook messages). Before installing or using it: (1) review the scripts yourself (they are bundled and readable). (2) Avoid passing secret tokens on long-lived command lines—prefer secure config files or protected env vars if you adapt the scripts. (3) Be cautious about allowing autonomous/unsupervised use: the scripts accept arbitrary URLs, so an untrusted prompt could cause the agent to send requests to internal network endpoints. (4) Note the SKILL.md mentions a not-yet-implemented config.json; expect to supply keys/tokens via CLI until you implement safer storage. If you plan to use this in production, run it in a network-isolated environment and rotate tokens used for testing.

功能分析

Type: OpenClaw Skill Name: webhook-robot Version: 1.1.0 The skill bundle is designed to send messages to various webhook-based services. While the core functionality is benign, the `scripts/send_gocqhttp.py` script allows specifying an arbitrary URL (`--url`) for the GoCqHttp API. This capability, while necessary for its stated purpose, introduces a potential Server-Side Request Forgery (SSRF) vulnerability if the agent's input is not adequately sanitized, allowing an attacker to direct the agent to make requests to internal network resources or other arbitrary external hosts. This is a risky capability without clear malicious intent within the script itself, thus classifying it as suspicious rather than malicious.

能力评估

ℹ Purpose & Capability

The package contains Python scripts to send messages to many webhook services (WeCom, DingTalk, Feishu, Bark, Telegram, PushDeer, ServerChan, GoCqHttp, Gotify), which is coherent with the skill name and README. SKILL.md's brief usage section only shows WeCom and says 'currently supports WeCom' (and references a not-yet-implemented config.json) — this is a documentation mismatch but not an outright capability/credential incoherence. Required binary (python3) is appropriate.

ℹ Instruction Scope

Runtime instructions simply call the included scripts with user-supplied tokens/URLs. The scripts do network calls only to webhook endpoints (or whatever URL the user supplies). They do not read unrelated files or environment variables. Two operational notes: (1) many scripts accept arbitrary full URLs — if an attacker can supply URLs or cause the agent to run these scripts, they could be used to reach internal network endpoints (SSRF/probing). (2) SKILL.md mentions storing defaults in config.json 'to be implemented', so expected config behavior is incomplete.

✓ Install Mechanism

There is no install script/spec and no remote downloads — this is instruction-only with bundled Python scripts. No archive downloads or package installs are requested, so install-surface risk is low.

ℹ Credentials

The skill declares no required environment variables or credentials, and scripts accept service tokens/keys as command-line arguments (which is proportionate). Warning: passing secrets on command lines can expose them via process lists or shell history. The skill does not request unrelated credentials or config paths.

✓ Persistence & Privilege

The skill does not request always:true or other elevated persistence, and does not attempt to modify other skills or system-wide config. Model invocation is enabled (default), which is normal for skills; combine this with the note about arbitrary URLs if you plan to allow autonomous use.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install webhook-robot
安装完成后，直接呼叫该 Skill 的名称或使用 /webhook-robot 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.1.0

- Added support for new webhook platforms: Bark, Go-cqhttp, Gotify, PushDeer, ServerChan, and Telegram. - Introduced dedicated Python scripts for sending messages to each of the newly supported platforms. - Updated documentation and metadata to reflect expanded messaging capabilities.

v1.0.1

- Updated package.json (details not shown). - No changes to usage or documentation in SKILL.md.

v1.0.0

Initial release of webhook-robot. - Send messages to various webhook-based bots. - Current support for WeCom (企业微信) group bots. - Allows sending text messages via script with webhook key or URL. - Planned support for configuration via config.json.

元数据

Slug webhook-robot

版本 1.1.0

许可证 —

累计安装 4

当前安装数 4

历史版本数 3

常见问题

Webhook Robot 是什么？

Send messages to various webhook-based bots (WeCom, DingTalk, Feishu, etc.). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1081 次。

如何安装 Webhook Robot？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install webhook-robot」即可一键安装，无需额外配置。

Webhook Robot 是免费的吗？

是的，Webhook Robot 完全免费（开源免费），可自由下载、安装和使用。

Webhook Robot 支持哪些平台？

Webhook Robot 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Webhook Robot？

由 takedwind（@takedwind）开发并维护，当前版本 v1.1.0。