hookdeck-event-gateway

Warn

Audited by Socket on Feb 22, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] [Documentation context] Installation of third-party script detected

This README/skill documentation is informational and does not contain executable malicious code or obvious supply-chain attack vectors within the provided text. The main security consideration is that using Hookdeck routes all webhook payloads and headers through a third-party service (centralized storage and processing), which is expected for a gateway but requires the user to trust Hookdeck with potentially sensitive data and notification integrations. Installing the Hookdeck CLI from Homebrew or npm is normal, but users should treat installing third-party CLIs as a standard supply-chain trust decision and continue to consider signature verification strategies. No evidence of obfuscation or embedded malware was found.

LLM verification: [LLM Escalated] This skill is documentation for a legitimate webhook gateway (Hookdeck) with coherent capabilities. It requires users to install and run a vendor CLI which will create public tunnels and route webhook payloads through Hookdeck domains. That download-and-execute pattern and the intermediary handling of potentially sensitive payloads are valid supply-chain and privacy risks that developers should treat with caution (verify packages, limit exposure, and review retention/policy). I find no evidence

Confidence: 85%
Severity: 75%

Audit Metadata

Analyzed At: Feb 22, 2026, 07:18 PM

Package URL: pkg:socket/skills-sh/hookdeck%2Fwebhook-skills%2Fhookdeck-event-gateway%2F@750cf5f0b27a67cb46e9b9f9dc17215c794cde6b