claude-managed-agents-webhooks

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The implementation of signature verification in both JavaScript and Python examples correctly utilizes crypto.timingSafeEqual and hmac.compare_digest to mitigate potential timing attacks.
  • [SAFE]: The skill enforces best practices by instructing users to verify the raw request body rather than re-serialized JSON, which prevents signature mismatches and payload manipulation vulnerabilities.
  • [SAFE]: A replay attack mitigation is included by checking the webhook-timestamp header against a 5-minute validity window.
  • [EXTERNAL_DOWNLOADS]: Several dependency files in the examples/ directory (e.g., package.json, requirements.txt) reference version numbers that are currently ahead of existing stable releases (e.g., TypeScript 6.0, Next.js 16.2). While these will cause package installation to fail, the packages themselves are from well-known and trusted ecosystems (NPM, PyPI).
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 07:13 AM