The Agent Skills Directory

[SAFE]: The skill implements best-practice HMAC signature verification using Node.js crypto.timingSafeEqual to mitigate timing attacks.
[SAFE]: It correctly instructs the use of raw request bodies for verification to ensure signature integrity.
[SAFE]: The implementation includes idempotency checks using the X-Shopify-Webhook-Id header to prevent duplicate event processing.
[SAFE]: Mandatory GDPR webhooks are correctly defined with required 200 OK responses to meet Shopify's compliance standards.
[EXTERNAL_DOWNLOADS]: The skill references established libraries such as express for routing and bullmq for asynchronous background processing.

shopify-webhooks