scrapfly-webhooks
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides robust implementations for signature verification using constant-time comparison functions (
timingSafeEqualin Node.js andhmac.compare_digestin Python) to prevent timing attacks.- [SAFE]: The instructions emphasize the critical requirement of verifying signatures against the raw request body to avoid common re-serialization errors that break HMAC validation.- [SAFE]: The documentation includes an explicit security warning regarding the Scrapfly-specific behavior of echoing the signing secret within the payload body and provides remediation code to redact this sensitive information from logs.- [SAFE]: Referenced external resources and tools (such ashookdeck-cli) are owned and maintained by the skill's author (Hookdeck).- [SAFE]: Dependencies listed in the examples are standard, well-maintained libraries for web development and testing from official registries.
Audit Metadata