openclaw-webhooks

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill implements handlers for external webhook events where the data (message or text fields) is intended to be processed by AI agents, creating a surface for indirect prompt injection.
  • Ingestion points: Untrusted data enters the agent context via request bodies in examples/express/src/index.js, examples/fastapi/main.py, and examples/nextjs/app/webhooks/openclaw/route.ts.
  • Boundary markers: While references/overview.md states payloads are "wrapped with safety boundaries," the provided code examples do not demonstrate implementation of these boundaries.
  • Capability inventory: The examples currently only perform logging (console.log, print), but the skill's purpose is to facilitate broader integrations (databases, CI/CD, etc.) based on these inputs.
  • Sanitization: No explicit sanitization or validation of the message content is performed in the example code before usage.
  • [EXTERNAL_DOWNLOADS]: The documentation and setup instructions recommend the use of hookdeck-cli via npx for local development. This tool is maintained by the skill author.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 07:13 AM