Skip to main content

webhook-bridge

Enables triggering Aeon skills via external events using GitHub Actions, enhancing automation and integration capabilities.

Install this skill

or
7/100

Security score

The webhook-bridge skill was audited on May 30, 2026 and we found 21 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 58

Template literal with variable interpolation in command context

SourceSKILL.md
58```yaml
medium line 2

Webhook reference - potential data exfiltration

SourceSKILL.md
2name: webhook-bridge
medium line 8

Webhook reference - potential data exfiltration

SourceSKILL.md
8# Webhook Bridge
medium line 11

Webhook reference - potential data exfiltration

SourceSKILL.md
11`repository_dispatch` listener defined in `.github/workflows/webhook.yml`.
medium line 16

Webhook reference - potential data exfiltration

SourceSKILL.md
16Actions workflow, a cron'd curl on a VPS, a DexScreener alert webhook proxy,
medium line 18

Webhook reference - potential data exfiltration

SourceSKILL.md
18UI. Every Aeon skill is reachable as a webhook target.
medium line 79

Webhook reference - potential data exfiltration

SourceSKILL.md
79### Zapier (Webhooks by Zapier — POST)
medium line 101

Webhook reference - potential data exfiltration

SourceSKILL.md
101### DexScreener-style price-alert webhook proxy
medium line 103

Webhook reference - potential data exfiltration

SourceSKILL.md
103Most webhook-producing services (DexScreener, BlockNative, etc.) post a JSON
medium line 107

Webhook reference - potential data exfiltration

SourceSKILL.md
1071. Validates the incoming webhook signature (each vendor has its own
medium line 113

Webhook reference - potential data exfiltration

SourceSKILL.md
113secret — never embed it in the vendor's webhook config.
medium line 144

Webhook reference - potential data exfiltration

SourceSKILL.md
144- It does not deduplicate dispatches. Two identical webhooks within one
medium line 148

Webhook reference - potential data exfiltration

SourceSKILL.md
148## Reactive triggers vs. webhook bridge
medium line 153

Webhook reference - potential data exfiltration

SourceSKILL.md
153not external events. The webhook bridge is the *outside-in* path: external
medium line 154

Webhook reference - potential data exfiltration

SourceSKILL.md
154systems trigger skills. The two compose — a webhook can fire `skill-repair`
medium line 155

Webhook reference - potential data exfiltration

SourceSKILL.md
155externally, or a reactive trigger can fire after a webhook-dispatched skill
medium line 181

Webhook reference - potential data exfiltration

SourceSKILL.md
1814. Wire the production caller (Zapier zap, n8n flow, vendor webhook proxy).
medium line 183

Webhook reference - potential data exfiltration

SourceSKILL.md
183That's the entire skill. The work happens in `webhook.yml`.
low line 27

External URL reference

SourceSKILL.md
27https://api.github.com/repos/{owner}/{repo}/dispatches \
low line 81

External URL reference

SourceSKILL.md
81- URL: `https://api.github.com/repos/aaronjmars/aeon-agent/dispatches`
low line 95

External URL reference

SourceSKILL.md
95- URL: `https://api.github.com/repos/aaronjmars/aeon-agent/dispatches`
Scanned on May 30, 2026
View Security Dashboard
Installation guide →
GitHub Stars 14
Rate this skill
Categorydevelopment
UpdatedJune 4, 2026
openclawapidevops-srebackend-developergrowth-marketergithubzapiern8ndevelopmentmarketing
aaronjmars/miroshark-aeon