vercel-webhooks

This skill and the included code examples are consistent with their stated purpose of receiving and verifying Vercel webhooks. I found no malicious behavior or credential-harvesting patterns in the provided code. Minor issues to address for robustness: check for missing webhook secret before use, normalize header format (strip 'sha1=' prefix if present) before comparing, and consider recommending SHA256 if/when Vercel supports it. The Hookdeck tunneling suggestion is a development convenience that routes traffic through a third-party service — acceptable for testing but should be considered in threat models.