scrapfly-webhooks
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides boilerplate code for receiving webhooks with robust security practices.
- [SAFE]: Implements HMAC-SHA256 signature verification using timing-safe comparisons (crypto.timingSafeEqual in Node.js and hmac.compare_digest in Python) to prevent timing attacks.
- [SAFE]: Explicitly warns developers that Scrapfly includes the signing secret in the webhook payload body and provides instructions on how to redact it before logging or storage.
- [SAFE]: Uses standard dependency management and relies on well-known, reputable libraries and tools (Express, FastAPI, Next.js, Hookdeck CLI).
Audit Metadata