hookdeck-event-gateway-webhooks
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill demonstrates cryptographically secure signature verification by using timing-safe comparison methods (e.g., crypto.timingSafeEqual in Node.js and hmac.compare_digest in Python), which effectively prevent timing attacks.
- [SAFE]: The code examples require the use of the raw request body for verification, ensuring that the signature check is performed on the original data before any potentially unsafe parsing occurs.
- [SAFE]: The recommended external tools and dependencies, such as the Hookdeck CLI, are official resources provided by the vendor (Hookdeck) and are standard for the described use case.
- [SAFE]: Sensitive configuration, specifically the Hookdeck webhook secret, is managed through environment variables with clear instructions to avoid hardcoding credentials in the source code.
Audit Metadata