webhooks
Facilitates HTTP callbacks for events, enabling seamless integrations and real-time notifications between systems.
Install this skill
Security score
The webhooks skill was audited on Feb 24, 2026 and we found 14 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 40 | res.status(400).send(`Webhook Error: ${err.message}`); |
Webhook reference - potential data exfiltration
| 2 | name: webhooks |
Webhook reference - potential data exfiltration
| 3 | description: Webhooks HTTP callbacks for events. Use for integrations. |
Webhook reference - potential data exfiltration
| 6 | # Webhooks |
Webhook reference - potential data exfiltration
| 8 | Webhooks are "user-defined HTTP callbacks". They are triggered by some event in a source system (e.g., Stripe, GitHub) and sent to a destination system (Your API) to notify it. |
Webhook reference - potential data exfiltration
| 19 | // Your Webhook Handler (Receiver) |
Webhook reference - potential data exfiltration
| 21 | "/webhooks/stripe", |
Webhook reference - potential data exfiltration
| 28 | const event = stripe.webhooks.constructEvent( |
Webhook reference - potential data exfiltration
| 40 | res.status(400).send(`Webhook Error: ${err.message}`); |
Webhook reference - potential data exfiltration
| 50 | Since Webhook endpoints are public, anyone can POST to them. You must verify the **Signature** (HMAC) usually sent in a header to prove the sender's identity. |
Webhook reference - potential data exfiltration
| 78 | - [Stripe Webhooks Guide](https://stripe.com/docs/webhooks) |
Webhook reference - potential data exfiltration
| 79 | - [Standard Webhooks](https://www.standardwebhooks.com/) |
External URL reference
| 78 | - [Stripe Webhooks Guide](https://stripe.com/docs/webhooks) |
External URL reference
| 79 | - [Standard Webhooks](https://www.standardwebhooks.com/) |
Install this skill with one command
/learn @g1joshi/webhooks