coderabbit-webhooks-events
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides standard documentation and code snippets for building a webhook receiver.
- [SAFE]: Implements secure cryptographic signature validation using crypto.timingSafeEqual to mitigate timing attacks.
- [SAFE]: Encourages secure secret management by accessing webhook secrets through environment variables (process.env.GITHUB_WEBHOOK_SECRET).
- [SAFE]: Logic for filtering events is restricted to specific bot accounts (coderabbitai[bot]) and verified application identifiers.
Audit Metadata