sendgrid-inbound

Facilitates receiving and parsing inbound emails via SendGrid's Inbound Parse Webhook, enhancing email-to-app workflows.

Install this skill

or

21/100

Security score

The sendgrid-inbound skill was audited on Feb 15, 2026 and we found 19 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 3

Webhook reference - potential data exfiltration

SourceSKILL.md

3	description: Receive inbound emails via SendGrid Inbound Parse Webhook. Covers MX record setup, webhook configuration, payload parsing, attachment handling, and security best practices. Use when recei

medium line 10

Webhook reference - potential data exfiltration

SourceSKILL.md

10	SendGrid's Inbound Parse Webhook receives emails for a specific hostname/subdomain, parses the message, and POSTs it to your webhook as `multipart/form-data`.

medium line 13

Webhook reference - potential data exfiltration

SourceSKILL.md

13	- SendGrid posts the full parsed email (text/html/headers/attachments) directly to your webhook.

medium line 14

Webhook reference - potential data exfiltration

SourceSKILL.md

14	- There is no official signature verification for Inbound Parse (unlike SendGrid Event Webhook). You must secure the endpoint yourself.

low line 20

Webhook reference - potential data exfiltration

SourceSKILL.md

20	# Check MX record and test webhook

low line 21

Webhook reference - potential data exfiltration

SourceSKILL.md

21	../scripts/verify-inbound-setup.sh parse.example.com https://webhook.example.com/parse

medium line 28

Webhook reference - potential data exfiltration

SourceSKILL.md

28	3. Handle the webhook: parse `multipart/form-data`, read `text`, `html`, `headers`, and attachments.

medium line 31

Webhook reference - potential data exfiltration

SourceSKILL.md

31	### Parse Webhook Payloads

low line 34

Webhook reference - potential data exfiltration

SourceSKILL.md

34	node ../scripts/parse-webhook-payload.js < payload.txt

medium line 58

Webhook reference - potential data exfiltration

SourceSKILL.md

58	## Webhook Payload (Multipart/Form-Data)

medium line 83

Webhook reference - potential data exfiltration

SourceSKILL.md

83	## Decision: How to Secure Inbound Parse Webhook?

medium line 96

Webhook reference - potential data exfiltration

SourceSKILL.md

96	- Basic authentication on webhook URL

medium line 111

Webhook reference - potential data exfiltration

SourceSKILL.md

111	- Require basic auth on the webhook URL.

medium line 125

Webhook reference - potential data exfiltration

SourceSKILL.md

125	Webhook not receiving emails:

medium line 126

Webhook reference - potential data exfiltration

SourceSKILL.md

126	- Verify webhook URL is publicly accessible (test with curl)

medium line 141

Webhook reference - potential data exfiltration

SourceSKILL.md

141	Unauthorized webhook access:

medium line 142

Webhook reference - potential data exfiltration

SourceSKILL.md

142	- Add basic authentication to webhook URL

medium line 150

Webhook reference - potential data exfiltration

SourceSKILL.md

150	- [references/webhook-examples.md](references/webhook-examples.md)

low line 21

External URL reference

SourceSKILL.md

21	../scripts/verify-inbound-setup.sh parse.example.com https://webhook.example.com/parse

Scanned on Feb 15, 2026

View Security Dashboard

Installation guide →

GitHub Stars 2.2K

Rate this skill

Categorymarketing

UpdatedApril 4, 2026

openclaw api email-marketer growth-marketer customer-success-manager sendgrid marketing sales

openclaw/skills