webflow-webhooks
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill demonstrates secure implementation of webhook signature verification.
- Uses
crypto.timingSafeEqualin Node.js andhmac.compare_digestin Python to prevent timing attacks during signature comparison. - Implements a 5-minute timestamp validation window (300,000 ms) to mitigate replay attacks.
- Correctly emphasizes the use of the raw request body for verification to prevent common parsing-related vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The documentation recommends installing the Hookdeck CLI for local development.
- Evidence:
npm install -g hookdeck-cliandbrew install hookdeck/hookdeck/hookdecksuggested inSKILL.mdandREADME.mdfiles. - Context: Hookdeck is the author of this skill, and the tool is an official utility provided by the vendor for webhook testing. This is a standard and safe recommendation for the intended use case.
Audit Metadata