Skip to main content

customerio-webhooks-events

Facilitates handling of Customer.io webhooks for processing delivery events and callbacks, enhancing email marketing automation.

Install this skill

or
0/100

Security score

The customerio-webhooks-events skill was audited on Feb 21, 2026 and we found 72 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 133

Template literal with variable interpolation in command context

SourceSKILL.md
133console.log(`Processing event: ${event.metric}`, event.event_id);
medium line 155

Template literal with variable interpolation in command context

SourceSKILL.md
155console.log(`Unhandled event type: ${event.metric}`);
medium line 161

Template literal with variable interpolation in command context

SourceSKILL.md
161console.log(`Email delivered to ${event.data.email_address}`);
medium line 166

Template literal with variable interpolation in command context

SourceSKILL.md
166console.log(`Email opened by ${event.data.customer_id}`);
medium line 171

Template literal with variable interpolation in command context

SourceSKILL.md
171console.log(`Link clicked: ${event.data.link}`);
medium line 176

Template literal with variable interpolation in command context

SourceSKILL.md
176console.log(`Email bounced for ${event.data.email_address}`);
medium line 181

Template literal with variable interpolation in command context

SourceSKILL.md
181console.log(`Spam complaint from ${event.data.email_address}`);
medium line 186

Template literal with variable interpolation in command context

SourceSKILL.md
186console.log(`User unsubscribed: ${event.data.customer_id}`);
medium line 244

Template literal with variable interpolation in command context

SourceSKILL.md
244console.log(`Processing ${event.metric} event:`, event.event_id);
medium line 261

Template literal with variable interpolation in command context

SourceSKILL.md
261console.log(`Job ${job.id} completed`);
medium line 265

Template literal with variable interpolation in command context

SourceSKILL.md
265console.error(`Job ${job?.id} failed:`, err);
medium line 284

Template literal with variable interpolation in command context

SourceSKILL.md
284`https://api.customer.io/v1/metrics/email/${period}`,
medium line 287

Template literal with variable interpolation in command context

SourceSKILL.md
287'Authorization': `Bearer ${process.env.CUSTOMERIO_APP_API_KEY}`
medium line 298

Template literal with variable interpolation in command context

SourceSKILL.md
298`https://api.customer.io/v1/campaigns/${campaignId}/metrics`,
medium line 301

Template literal with variable interpolation in command context

SourceSKILL.md
301'Authorization': `Bearer ${process.env.CUSTOMERIO_APP_API_KEY}`
medium line 2

Webhook reference - potential data exfiltration

SourceSKILL.md
2name: customerio-webhooks-events
medium line 4

Webhook reference - potential data exfiltration

SourceSKILL.md
4Implement Customer.io webhook handling.
medium line 7

Webhook reference - potential data exfiltration

SourceSKILL.md
7Trigger with phrases like "customer.io webhook", "customer.io events",
medium line 15

Webhook reference - potential data exfiltration

SourceSKILL.md
15# Customer.io Webhooks & Events
medium line 18

Webhook reference - potential data exfiltration

SourceSKILL.md
18Implement webhook handling for Customer.io events including email delivery, opens, clicks, and bounces.
medium line 21

Webhook reference - potential data exfiltration

SourceSKILL.md
21- Public endpoint for webhooks
medium line 22

Webhook reference - potential data exfiltration

SourceSKILL.md
22- Webhook signing secret from Customer.io
medium line 27

Webhook reference - potential data exfiltration

SourceSKILL.md
27### Step 1: Webhook Event Types
low line 29

Webhook reference - potential data exfiltration

SourceSKILL.md
29// types/customerio-webhooks.ts
low line 30

Webhook reference - potential data exfiltration

SourceSKILL.md
30export type WebhookEventType =
low line 49

Webhook reference - potential data exfiltration

SourceSKILL.md
49export interface WebhookEvent {
low line 73

Webhook reference - potential data exfiltration

SourceSKILL.md
73export interface WebhookPayload {
low line 74

Webhook reference - potential data exfiltration

SourceSKILL.md
74events: WebhookEvent[];
medium line 78

Webhook reference - potential data exfiltration

SourceSKILL.md
78### Step 2: Webhook Handler with Signature Verification
low line 80

Webhook reference - potential data exfiltration

SourceSKILL.md
80// lib/webhook-handler.ts
low line 83

Webhook reference - potential data exfiltration

SourceSKILL.md
83import type { WebhookPayload, WebhookEvent } from '../types/customerio-webhooks';
low line 85

Webhook reference - potential data exfiltration

SourceSKILL.md
85export class CustomerIOWebhookHandler {
low line 115

Webhook reference - potential data exfiltration

SourceSKILL.md
115const webhookPayload: WebhookPayload = req.body;
low line 118

Webhook reference - potential data exfiltration

SourceSKILL.md
118await this.processEvents(webhookPayload.events);
low line 119

Webhook reference - potential data exfiltration

SourceSKILL.md
119res.status(200).json({ processed: webhookPayload.events.length });
low line 121

Webhook reference - potential data exfiltration

SourceSKILL.md
121console.error('Webhook processing error:', error);
low line 126

Webhook reference - potential data exfiltration

SourceSKILL.md
126async processEvents(events: WebhookEvent[]): Promise<void> {
low line 132

Webhook reference - potential data exfiltration

SourceSKILL.md
132async processEvent(event: WebhookEvent): Promise<void> {
low line 159

Webhook reference - potential data exfiltration

SourceSKILL.md
159async onEmailDelivered(event: WebhookEvent): Promise<void> {
low line 164

Webhook reference - potential data exfiltration

SourceSKILL.md
164async onEmailOpened(event: WebhookEvent): Promise<void> {
low line 169

Webhook reference - potential data exfiltration

SourceSKILL.md
169async onEmailClicked(event: WebhookEvent): Promise<void> {
low line 174

Webhook reference - potential data exfiltration

SourceSKILL.md
174async onEmailBounced(event: WebhookEvent): Promise<void> {
low line 179

Webhook reference - potential data exfiltration

SourceSKILL.md
179async onEmailComplained(event: WebhookEvent): Promise<void> {
low line 184

Webhook reference - potential data exfiltration

SourceSKILL.md
184async onEmailUnsubscribed(event: WebhookEvent): Promise<void> {
low line 193

Webhook reference - potential data exfiltration

SourceSKILL.md
193// routes/webhooks.ts
low line 195

Webhook reference - potential data exfiltration

SourceSKILL.md
195import { CustomerIOWebhookHandler } from '../lib/webhook-handler';
low line 198

Webhook reference - potential data exfiltration

SourceSKILL.md
198const webhookHandler = new CustomerIOWebhookHandler(
low line 199

Webhook reference - potential data exfiltration

SourceSKILL.md
199process.env.CUSTOMERIO_WEBHOOK_SECRET!
low line 208

Webhook reference - potential data exfiltration

SourceSKILL.md
208await webhookHandler.handleRequest(req, res);
low line 216

Webhook reference - potential data exfiltration

SourceSKILL.md
216// lib/webhook-queue.ts
low line 219

Webhook reference - potential data exfiltration

SourceSKILL.md
219import type { WebhookEvent } from '../types/customerio-webhooks';
low line 223

Webhook reference - potential data exfiltration

SourceSKILL.md
223// Queue for webhook events
low line 224

Webhook reference - potential data exfiltration

SourceSKILL.md
224const webhookQueue = new Queue('customerio-webhooks', { connection });
low line 227

Webhook reference - potential data exfiltration

SourceSKILL.md
227export async function queueWebhookEvent(event: WebhookEvent): Promise<void> {
low line 228

Webhook reference - potential data exfiltration

SourceSKILL.md
228await webhookQueue.add(event.metric, event, {
low line 241

Webhook reference - potential data exfiltration

SourceSKILL.md
241'customerio-webhooks',
low line 243

Webhook reference - potential data exfiltration

SourceSKILL.md
243const event: WebhookEvent = job.data;
low line 314

Webhook reference - potential data exfiltration

SourceSKILL.md
314import type { WebhookEvent } from '../types/customerio-webhooks';
low line 320

Webhook reference - potential data exfiltration

SourceSKILL.md
320export async function streamToBigQuery(events: WebhookEvent[]): Promise<void> {
medium line 337

Webhook reference - potential data exfiltration

SourceSKILL.md
337- Webhook event type definitions
medium line 347

Webhook reference - potential data exfiltration

SourceSKILL.md
347| Invalid signature | Verify webhook secret matches |
medium line 352

Webhook reference - potential data exfiltration

SourceSKILL.md
352- [Webhooks Documentation](https://customer.io/docs/webhooks/)
medium line 356

Webhook reference - potential data exfiltration

SourceSKILL.md
356After webhook setup, proceed to `customerio-performance-tuning` for optimization.
low line 199

Access to .env file

SourceSKILL.md
199process.env.CUSTOMERIO_WEBHOOK_SECRET!
low line 221

Access to .env file

SourceSKILL.md
221const connection = new Redis(process.env.REDIS_URL!);
low line 274

Access to .env file

SourceSKILL.md
274const apiClient = new APIClient(process.env.CUSTOMERIO_APP_API_KEY!, {
low line 287

Access to .env file

SourceSKILL.md
287'Authorization': `Bearer ${process.env.CUSTOMERIO_APP_API_KEY}`
low line 301

Access to .env file

SourceSKILL.md
301'Authorization': `Bearer ${process.env.CUSTOMERIO_APP_API_KEY}`
low line 284

External URL reference

SourceSKILL.md
284`https://api.customer.io/v1/metrics/email/${period}`,
low line 298

External URL reference

SourceSKILL.md
298`https://api.customer.io/v1/campaigns/${campaignId}/metrics`,
low line 352

External URL reference

SourceSKILL.md
352- [Webhooks Documentation](https://customer.io/docs/webhooks/)
low line 353

External URL reference

SourceSKILL.md
353- [Reporting API](https://customer.io/docs/api/app/)
Scanned on Feb 21, 2026
View Security Dashboard
Installation guide →
GitHub Stars 508
Rate this skill
Categorymarketing
UpdatedApril 4, 2026
openclawapiemail-marketergrowth-marketermarketing-analystmarketing
Dicklesworthstone/pi_agent_rust