scrapfly-webhooks

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides robust implementations for signature verification using constant-time comparison functions (timingSafeEqual in Node.js and hmac.compare_digest in Python) to prevent timing attacks.- [SAFE]: The instructions emphasize the critical requirement of verifying signatures against the raw request body to avoid common re-serialization errors that break HMAC validation.- [SAFE]: The documentation includes an explicit security warning regarding the Scrapfly-specific behavior of echoing the signing secret within the payload body and provides remediation code to redact this sensitive information from logs.- [SAFE]: Referenced external resources and tools (such as hookdeck-cli) are owned and maintained by the skill's author (Hookdeck).- [SAFE]: Dependencies listed in the examples are standard, well-maintained libraries for web development and testing from official registries.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 08:10 AM
Security Audit — agent-trust-hub — scrapfly-webhooks