webflow-webhooks
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides comprehensive guides and code examples for implementing Webflow webhook handlers with robust security measures. It correctly implements signature verification using SHA-256 HMAC and uses timing-safe comparisons to prevent timing attacks.
- [EXTERNAL_DOWNLOADS]: The skill mentions and recommends the use of 'hookdeck-cli' for local development and tunneling. As the skill is authored by Hookdeck, this is considered a legitimate vendor-provided tool.
- [COMMAND_EXECUTION]: The documentation includes standard development commands for setting up project environments, installing dependencies via NPM and Pip, and running test suites (Vitest, Jest, Pytest). All commands are restricted to the local development context and serve the primary purpose of the skill.
- [CREDENTIALS_UNSAFE]: The skill correctly handles sensitive information by using environment variables (e.g., WEBFLOW_WEBHOOK_SECRET) instead of hardcoding secrets. It provides .env.example files to guide users on safe secret management practices.
Audit Metadata