install-messenger

Facilitates the secure installation of Intercom Messenger on web applications, generating necessary backend and frontend code.

Security score: 84/100

The install-messenger skill was audited on May 15, 2026 and we found 16 security issues across 3 threat categories. Review the findings below before installing.

Security Issues

low line 100

Fetch to external URL

Source: SKILL.md
100: fetch('/api/intercom-jwt', { credentials: 'include' })
low line 64

Access to .env file

Source: SKILL.md
64: const INTERCOM_SECRET = process.env.INTERCOM_IDENTITY_SECRET; // Never hardcode this
low line 26

External URL reference

Source: SKILL.md
26: - Found on the [Intercom Messenger install page](https://app.intercom.com/a/apps/_/settings/channels/messenger/install)
low line 27

External URL reference

Source: SKILL.md
27: - Or in the URL bar: `https://app.intercom.com/a/apps/<workspace_id>/...`
low line 29

External URL reference

Source: SKILL.md
29: 2. **Identity Verification Secret** (also called Messenger API Secret) — Found on the [Messenger Security page](https://app.intercom.com/a/apps/_/settings/channels/messenger/security). This is the HMA
low line 31

External URL reference

Source: SKILL.md
31: Ask the user for both values. Do not proceed without the Workspace ID. If they don't have the Identity Verification Secret yet, direct them to the [Messenger Security page](https://app.intercom.com/a/
low line 110

External URL reference

Source: SKILL.md
110: (function(){var w=window;var ic=w.Intercom;if(typeof ic==="function"){ic('reattach_activator');ic('update',w.intercomSettings);}else{var d=document;var i=function(){i.c(arguments);};i.q=[];i.c=functio
low line 131

External URL reference

Source: SKILL.md
131: | EU (Ireland) | `https://api-iam.eu.intercom.io` | Yes |
low line 132

External URL reference

Source: SKILL.md
132: | Australia | `https://api-iam.au.intercom.io` | Yes |
low line 170

External URL reference

Source: SKILL.md
170: Solution: Verify the secret on the [Messenger Security page](https://app.intercom.com/a/apps/_/settings/channels/messenger/security). Ensure the environment variable holds the correct value for this w
low line 175

External URL reference

Source: SKILL.md
175: Solution: Check the workspace's Intercom plan on the [Messenger Security page](https://app.intercom.com/a/apps/_/settings/channels/messenger/security). If identity verification is unavailable, the use
low line 185

External URL reference

Source: SKILL.md
185: Solution: Configure CORS on the JWT endpoint to allow the frontend origin. For Express: `cors({ origin: 'https://your-app.com', credentials: true })`. For other frameworks, add the appropriate CORS he
low line 193

External URL reference

Source: SKILL.md
193: Intercom also supports code-free installation via WordPress, Shopify, Google Tag Manager, and Segment. Direct users to the [Messenger install page](https://app.intercom.com/a/apps/_/settings/channels/
low line 203

External URL reference

Source: SKILL.md
203: **Manual verification** (instruct the user): Open the app in a browser, confirm the Messenger bubble appears, log in, click the bubble, send a test message, then check the [Intercom Inbox](https://app
low line 209

External URL reference

Source: SKILL.md
209: 1. Go to the [Messenger Security page](https://app.intercom.com/a/apps/_/settings/channels/messenger/security)
low line 230

External URL reference

Source: SKILL.md
230: (function(){var w=window;var ic=w.Intercom;if(typeof ic==="function"){ic('reattach_activator');ic('update',w.intercomSettings);}else{var d=document;var i=function(){i.c(arguments);};i.q=[];i.c=functio
Scanned on May 15, 2026