ngrok-unofficial-webhook-skill
Audited by Socket on Feb 14, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected

This skill's stated purpose (start ngrok, receive webhooks, auto-route them or notify the user) matches the documented capabilities. However, it includes high-risk behaviors that are disproportionate unless the operator trusts all installed skills: executing shell commands from skill.json templates with payload-derived values (possible command injection/RCE), scanning sibling directories for skill.json (exposes a broad trust surface), and sending webhook payloads to external parties via an external binary (possible data exfiltration). I rate this SUSPICIOUS: acceptable if used in a tightly-controlled, single-developer environment with trusted skills and hardened template escaping, but unsafe in multi-tenant or untrusted contexts. Operator mitigations should include strict validation/escaping of substituted values, limiting which skill.json files are trusted, minimizing logged sensitive data, and auditing the notification binary (OPENCLAW_BIN).

LLM verification: This skill is functionally aligned with its described purpose (starting an ngrok tunnel and routing webhooks). However, it exposes several risky behaviors that are disproportionate or insufficiently constrained: executing shell commands derived from webhook payloads (risk of command injection), scanning sibling directories (possible exposure of unrelated secrets), and routing data through third-party components (ngrok, openclaw) with no described safeguards. I rate this as SUSPICIOUS: acceptable