vercel-webhooks
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The signature verification implementation in both Node.js and Python examples correctly uses timing-safe comparison methods, specifically 'crypto.timingSafeEqual' and 'hmac.compare_digest', to prevent timing side-channel attacks.- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of 'hookdeck-cli' for local webhook testing. This tool is provided by the skill author ('hookdeck') and is a legitimate development utility.- [SAFE]: Example code and setup instructions adhere to secure credential management practices by utilizing environment variables via .env files instead of hardcoding sensitive webhook secrets.- [EXTERNAL_DOWNLOADS]: The project dependencies listed in the example files (e.g., Express, FastAPI, Next.js) are standard, well-known packages sourced from official public registries.
Audit Metadata