hookdeck-event-gateway-webhooks
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill provides robust signature verification logic using HMAC SHA-256 to ensure webhook authenticity.
- [SAFE]: Implementations utilize timing-safe comparison functions (crypto.timingSafeEqual and hmac.compare_digest) to protect against timing attacks.
- [SAFE]: Security best practices are followed by advising the use of environment variables for storing the Hookdeck webhook secret.
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the official Hookdeck CLI through well-known package managers like Homebrew and NPM.
Audit Metadata