Skip to main content

auto-webhooks

Configures ADO service hooks and PR Review policies for automation agents using ADO REST API, enhancing CI/CD workflows.

Install this skill

or
0/100

Security score

The auto-webhooks skill was audited on Apr 6, 2026 and we found 28 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 2

Webhook reference - potential data exfiltration

SourceSKILL.md
2name: auto-webhooks
medium line 27

Webhook reference - potential data exfiltration

SourceSKILL.md
27- For **full-hub only**: `webhooks.wi-userstory.url`, `webhooks.wi-bug.url`
medium line 28

Webhook reference - potential data exfiltration

SourceSKILL.md
28- Check if `webhooks.*.status` is already `configured` — skip if so
medium line 34

Webhook reference - potential data exfiltration

SourceSKILL.md
34> **Webhook username?** (same as Lambda `BASIC_USER` set in hub's `/auto-lambda-env`)
medium line 36

Webhook reference - potential data exfiltration

SourceSKILL.md
36> **Webhook password?** (same as Lambda `BASIC_PASS`) — secret, not stored
medium line 38

Webhook reference - potential data exfiltration

SourceSKILL.md
38> **Webhook secret?** (same as Lambda `WEBHOOK_SECRET`) — secret, not stored
low line 86

Webhook reference - potential data exfiltration

SourceSKILL.md
86\"consumerId\": \"webHooks\",
low line 97

Webhook reference - potential data exfiltration

SourceSKILL.md
97\"httpHeaders\": \"x-webhook-secret:<WEBHOOK_SECRET>\"
medium line 104

Webhook reference - potential data exfiltration

SourceSKILL.md
104- `webhooks.wi-userstory.subscriptionId` → returned ID
medium line 105

Webhook reference - potential data exfiltration

SourceSKILL.md
105- `webhooks.wi-userstory.status` → `"configured"`
low line 122

Webhook reference - potential data exfiltration

SourceSKILL.md
122\"consumerId\": \"webHooks\",
low line 133

Webhook reference - potential data exfiltration

SourceSKILL.md
133\"httpHeaders\": \"x-webhook-secret:<WEBHOOK_SECRET>\"
medium line 140

Webhook reference - potential data exfiltration

SourceSKILL.md
140- `webhooks.wi-bug.subscriptionId` → returned ID
medium line 141

Webhook reference - potential data exfiltration

SourceSKILL.md
141- `webhooks.wi-bug.status` → `"configured"`
low line 158

Webhook reference - potential data exfiltration

SourceSKILL.md
158\"consumerId\": \"webHooks\",
low line 169

Webhook reference - potential data exfiltration

SourceSKILL.md
169\"httpHeaders\": \"x-webhook-secret:<WEBHOOK_SECRET>\"
medium line 175

Webhook reference - potential data exfiltration

SourceSKILL.md
175- `<pr-answer-url>` — for hub: from `webhooks.pr-answer.url` in infra.json. For consumer: the hub's PR Router Lambda URL (asked in step 0).
medium line 180

Webhook reference - potential data exfiltration

SourceSKILL.md
180- `webhooks.pr-answer.subscriptionId` → returned ID
medium line 181

Webhook reference - potential data exfiltration

SourceSKILL.md
181- `webhooks.pr-answer.status` → `"configured"`
medium line 220

Webhook reference - potential data exfiltration

SourceSKILL.md
220- `webhooks.pr-review.policyId` → returned ID
medium line 221

Webhook reference - potential data exfiltration

SourceSKILL.md
221- `webhooks.pr-review.status` → `"configured"`
low line 230

Webhook reference - potential data exfiltration

SourceSKILL.md
230## ADO Webhooks Configured (Hub)
low line 254

Webhook reference - potential data exfiltration

SourceSKILL.md
254## ADO Webhooks Configured (Consumer)
medium line 279

Webhook reference - potential data exfiltration

SourceSKILL.md
2791. `/auto-webhooks` (hub project) — Creates 2 WI hooks (User Story + Bug, tag-filtered to `KAI-TRIGGER`) in the work-item ADO project (from scm.wiki-project config), 1 PR Answer hook scoped to the rep
medium line 281

Webhook reference - potential data exfiltration

SourceSKILL.md
2812. `/auto-webhooks` (consumer project) — Skips WI hooks (managed by hub). Creates 1 PR Answer hook scoped to this repo + base branch pointing to the hub's Lambda URL, and 1 PR Review build validation
medium line 283

Webhook reference - potential data exfiltration

SourceSKILL.md
2833. `/auto-webhooks` (re-run, hooks already exist) — Lists existing service hooks via `az rest`, detects that the PR Answer hook and PR Review policy already exist for this repo. Skips creation with "a
medium line 310

Webhook reference - potential data exfiltration

SourceSKILL.md
310- **Tag-based routing** — all WI webhooks route to a single `/wi` endpoint. The WI Router Lambda scans work item tags against configured TAG_GATE_* env vars to determine which agent to invoke. No per-
low line 31

External URL reference

SourceSKILL.md
31> **Hub's PR Router Lambda URL?** The API Gateway URL from the hub project's infra.json (e.g., `https://<id>.execute-api.us-east-1.amazonaws.com/prod/pr-answer`).
Scanned on Apr 6, 2026
View Security Dashboard
Installation guide →
GitHub Stars 3
Rate this skill
Categorydevelopment
UpdatedApril 10, 2026
openclawapibackenddevops-srebackend-developerdata-engineerazuregithubdevelopment
easingthemes/dx-aem-flow