The Agent Skills Directory

[SAFE]: The skill correctly implements security best practices for webhook verification. It uses Intercom's X-Hub-Signature header to perform HMAC-SHA1 validation against the raw request body. The implementation utilizes timing-safe comparison functions (crypto.timingSafeEqual in Node.js and hmac.compare_digest in Python) to prevent timing side-channel attacks.
[EXTERNAL_DOWNLOADS]: The documentation references hookdeck-cli via npx for local development and testing. This is a utility tool provided by the author (Hookdeck) to facilitate webhook debugging.

intercom-webhooks