The Agent Skills Directory

[SAFE]: The skill follows professional security standards for API integrations. Specifically, the webhook implementation includes mandatory HMAC-SHA256 validation using the App Secret to prevent request spoofing. It also correctly utilizes timing-safe comparison functions (crypto.timingSafeEqual in Node.js and hmac.compare_digest in Python) to mitigate timing attacks. Network operations are restricted to official Meta Graph API domains (graph.facebook.com), and credentials are handled via environment variables with no hardcoded secrets discovered. The provided scripts for project setup and configuration validation perform expected local file and network operations without any malicious patterns.

whatsapp-cloud-api