webflow-webhooks
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements industry-standard security practices for webhook handling.
- Signature verification using HMAC-SHA256 is consistently applied across all provided examples, including FastAPI, Express, and Next.js.
- Timestamp validation with a 5-minute window is enforced to mitigate replay attacks.
- All sensitive configuration is handled through environment variables, and no hardcoded credentials were found.
- [EXTERNAL_DOWNLOADS]: The documentation references hookdeck-cli for local development. Hookdeck is an established and well-known webhook infrastructure service, and its official CLI is a safe dependency for development purposes.
Audit Metadata