cursor-webhooks
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [SAFE]: The skill provides correct and secure implementations for Cursor webhook signature verification. It includes the use of HMAC-SHA256 with timing-safe comparison functions, such as crypto.timingSafeEqual in Node.js and hmac.compare_digest in Python, to protect against unauthorized requests and timing attacks.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the hookdeck-cli tool to facilitate local webhook debugging. This tool is a legitimate utility provided by the skill's author to enable secure local development tunnels.
- [CREDENTIALS_UNSAFE]: The skill follows security best practices for secret management by instructing users to store sensitive signing secrets in environment variables rather than hardcoding them. Example environment files (.env.example) use safe placeholder values.