vercel-webhooks

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The signature verification implementation in both Node.js and Python examples correctly uses timing-safe comparison methods, specifically 'crypto.timingSafeEqual' and 'hmac.compare_digest', to prevent timing side-channel attacks.- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of 'hookdeck-cli' for local webhook testing. This tool is provided by the skill author ('hookdeck') and is a legitimate development utility.- [SAFE]: Example code and setup instructions adhere to secure credential management practices by utilizing environment variables via .env files instead of hardcoding sensitive webhook secrets.- [EXTERNAL_DOWNLOADS]: The project dependencies listed in the example files (e.g., Express, FastAPI, Next.js) are standard, well-known packages sourced from official public registries.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 08:10 AM
Security Audit — agent-trust-hub — vercel-webhooks