coderabbit-webhooks-events

Facilitates secure handling of CodeRabbit webhooks with signature validation and event processing for reliable integrations.

Security score: 0/100

The coderabbit-webhooks-events skill was audited on Feb 21, 2026 and we found 42 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 72

Template literal with variable interpolation in command context

Source: SKILL.md
72: const signedPayload = `${timestamp}.${payload.toString()}`;
medium line 108

Template literal with variable interpolation in command context

Source: SKILL.md
108: console.log(`Unhandled event type: ${event.type}`);
medium line 114

Template literal with variable interpolation in command context

Source: SKILL.md
114: console.log(`Processed ${event.type}: ${event.id}`);
medium line 116

Template literal with variable interpolation in command context

Source: SKILL.md
116: console.error(`Failed to process ${event.type}: ${event.id}`, error);
medium line 130

Template literal with variable interpolation in command context

Source: SKILL.md
130: const key = `coderabbit:event:${eventId}`;
medium line 136

Template literal with variable interpolation in command context

Source: SKILL.md
136: const key = `coderabbit:event:${eventId}`;
medium line 148

Curl to non-GitHub URL

Source: SKILL.md
148: curl -X POST https://webhook.site/your-uuid \
medium line 189

Curl to non-GitHub URL

Source: SKILL.md
189: curl -X POST https://your-ngrok-url/webhooks/coderabbit \
medium line 2

Webhook reference - potential data exfiltration

Source: SKILL.md
2: name: coderabbit-webhooks-events
medium line 4

Webhook reference - potential data exfiltration

Source: SKILL.md
4: Implement CodeRabbit webhook signature validation and event handling.
medium line 5

Webhook reference - potential data exfiltration

Source: SKILL.md
5: Use when setting up webhook endpoints, implementing signature verification,
medium line 7

Webhook reference - potential data exfiltration

Source: SKILL.md
7: Trigger with phrases like "coderabbit webhook", "coderabbit events",
medium line 8

Webhook reference - potential data exfiltration

Source: SKILL.md
8: "coderabbit webhook signature", "handle coderabbit events", "coderabbit notifications".
medium line 15

Webhook reference - potential data exfiltration

Source: SKILL.md
15: # CodeRabbit Webhooks & Events
medium line 18

Webhook reference - potential data exfiltration

Source: SKILL.md
18: Securely handle CodeRabbit webhooks with signature validation and replay protection.
medium line 21

Webhook reference - potential data exfiltration

Source: SKILL.md
21: - CodeRabbit webhook secret configured
medium line 26

Webhook reference - potential data exfiltration

Source: SKILL.md
26: ## Webhook Endpoint Setup
low line 36

Webhook reference - potential data exfiltration

Source: SKILL.md
36: app.post('/webhooks/coderabbit',
low line 62

Webhook reference - potential data exfiltration

Source: SKILL.md
62: const secret = process.env.CODERABBIT_WEBHOOK_SECRET!;
low line 67

Webhook reference - potential data exfiltration

Source: SKILL.md
67: console.error('Webhook timestamp too old');
medium line 141

Webhook reference - potential data exfiltration

Source: SKILL.md
141: ## Webhook Testing
low line 145

Webhook reference - potential data exfiltration

Source: SKILL.md
145: coderabbit webhooks trigger resource.created --url http://localhost:3000/webhooks/coderabbit
low line 147

Webhook reference - potential data exfiltration

Source: SKILL.md
147: # Or use webhook.site for debugging
low line 148

Webhook reference - potential data exfiltration

Source: SKILL.md
148: curl -X POST https://webhook.site/your-uuid \
medium line 155

Webhook reference - potential data exfiltration

Source: SKILL.md
155: ### Step 1: Register Webhook Endpoint
medium line 156

Webhook reference - potential data exfiltration

Source: SKILL.md
156: Configure your webhook URL in the CodeRabbit dashboard.
medium line 159

Webhook reference - potential data exfiltration

Source: SKILL.md
159: Use the signature verification code to validate incoming webhooks.
medium line 168

Webhook reference - potential data exfiltration

Source: SKILL.md
168: - Secure webhook endpoint
medium line 176

Webhook reference - potential data exfiltration

Source: SKILL.md
176: | Invalid signature | Wrong secret | Verify webhook secret |
medium line 183

Webhook reference - potential data exfiltration

Source: SKILL.md
183: ### Testing Webhooks Locally
low line 188

Webhook reference - potential data exfiltration

Source: SKILL.md
188: # Send test webhook
low line 189

Webhook reference - potential data exfiltration

Source: SKILL.md
189: curl -X POST https://your-ngrok-url/webhooks/coderabbit \
medium line 195

Webhook reference - potential data exfiltration

Source: SKILL.md
195: - [CodeRabbit Webhooks Guide](https://docs.coderabbit.com/webhooks)
medium line 196

Webhook reference - potential data exfiltration

Source: SKILL.md
196: - [Webhook Security Best Practices](https://docs.coderabbit.com/webhooks/security)
medium line 185

Ngrok tunnel reference

Source: SKILL.md
185: # Use ngrok to expose local server
medium line 186

Ngrok tunnel reference

Source: SKILL.md
186: ngrok http 3000
medium line 189

Ngrok tunnel reference

Source: SKILL.md
189: curl -X POST https://your-ngrok-url/webhooks/coderabbit \
low line 62

Access to .env file

Source: SKILL.md
62: const secret = process.env.CODERABBIT_WEBHOOK_SECRET!;
low line 127

Access to .env file

Source: SKILL.md
127: const redis = new Redis(process.env.REDIS_URL);
low line 145

External URL reference

Source: SKILL.md
145: coderabbit webhooks trigger resource.created --url http://localhost:3000/webhooks/coderabbit
low line 148

External URL reference

Source: SKILL.md
148: curl -X POST https://webhook.site/your-uuid \
low line 189

External URL reference

Source: SKILL.md
189: curl -X POST https://your-ngrok-url/webhooks/coderabbit \
Scanned on Feb 21, 2026