openclaw-webhooks
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill contains no malicious patterns or vulnerabilities. It provides boilerplate code that adheres to security standards for webhook processing.
- [SAFE]: Authentication logic uses timing-safe comparison (crypto.timingSafeEqual and hmac.compare_digest) to mitigate potential timing attacks.
- [SAFE]: Input handling explicitly prevents the use of tokens in URL query strings, reducing the risk of token exposure in logs or browser history.
- [SAFE]: Dependencies across all example projects (FastAPI, Express, Next.js) are standard and reputable.
Audit Metadata