Webhook
Implement secure webhook receivers and senders with proper verification and reliability.
Why use this skill?
Master secure and reliable webhook handling with OpenClaw. Features HMAC verification, replay prevention, idempotency, and professional-grade delivery tracking.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/ivangdavila/webhookWhat This Skill Does
The Webhook skill enables your OpenClaw agent to serve as a robust, secure, and production-ready endpoint for receiving and sending webhooks. It abstracts away the complex plumbing required to build reliable event-driven integrations. Whether you are consuming events from payment providers, CI/CD platforms, or internal services, this skill ensures data integrity through HMAC signature verification, prevents replay attacks by validating timestamps and event IDs, and enforces strict idempotency logic to handle delivery retries gracefully. By implementing an asynchronous processing model, it guarantees your agent remains responsive to sender timeouts, maintaining high availability for incoming event streams.
Installation
To integrate this skill, run the following command in your terminal within your OpenClaw environment:
clawhub install openclaw/skills/skills/ivangdavila/webhook
Use Cases
- Payment Gateway Integration: Automatically update database records for successful payments by listening for events from Stripe or PayPal.
- CI/CD Automation: Trigger deployment pipelines or build status notifications when webhooks are received from GitHub or GitLab.
- Real-time Synchronization: Sync external CRM or user data with your local infrastructure immediately upon change events.
- Asynchronous Workflow Orchestration: Connect disparate services where one service must inform another of state changes without blocking execution.
Example Prompts
- "Set up a secure webhook listener for my Stripe account that triggers a 'payment.success' workflow and logs the event ID for idempotency."
- "Configure a webhook sender for our internal API that retries failed requests using exponential backoff starting at 1 minute."
- "Create a handler for GitHub webhooks that verifies the HMAC signature using my secret, checks for replay attacks, and processes the payload asynchronously."
Tips & Limitations
- Idempotency is Non-Negotiable: Always store processed event IDs for 24-72 hours to ensure that retries from the sender do not lead to duplicate processing logic.
- Fast Response: Never process heavy tasks within the webhook handler. Always acknowledge the receipt with a 2xx status code immediately and offload the actual business logic to a background queue.
- Security First: Never trust incoming payloads without validating the HMAC signature. Use timing-safe comparison methods to protect against potential side-channel timing attacks.
- Error Handling: Distinguish between transient and permanent errors. Only signal retries (5xx) for temporary issues; permanent failures (4xx) should be logged, alerted, and not retried to save bandwidth and compute.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-ivangdavila-webhook": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: network-access, external-api
Related Skills
Animations
Create performant web animations with proper accessibility and timing.
Arduino
Develop Arduino projects avoiding common wiring, power, and code pitfalls.
Bulgarian
Write Bulgarian that sounds human. Not formal, not robotic, not AI-generated.
Arabic
Write Arabic that sounds human. Not formal, not robotic, not AI-generated.
Assistant
Manage tasks, communications, and scheduling with proactive and organized support.