chargebee-webhooks
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements industry-standard security measures for webhook verification, specifically using HTTP Basic Authentication as recommended by Chargebee's official documentation. It includes logic to correctly handle Base64 decoding and potential edge cases like colons in passwords.
- [SAFE]: Sensitive credentials, such as the Chargebee webhook username and password, are managed through environment variables rather than being hardcoded, which prevents accidental credential exposure.
- [EXTERNAL_DOWNLOADS]: The skill references standard, reputable packages from the NPM and PyPI registries (e.g., FastAPI, Express, Next.js). While several version numbers in the example projects (e.g., FastAPI 0.128.0, Next.js 16.1.6, Jest 30.2.0) appear to be placeholders or future-dated hallucinations, the packages themselves are from trusted sources.
- [SAFE]: Documentation and setup instructions refer to well-known tools and services, such as the Hookdeck CLI, which are consistent with the skill's stated purpose of facilitating webhook development.
Audit Metadata