lucidchart-webhooks-events
Integrates Lucidchart webhooks for real-time notifications on document changes, enhancing collaboration and automation.
Install this skill
Security score
The lucidchart-webhooks-events skill was audited on May 26, 2026 and we found 29 security issues across 5 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 44 | { headers: { Authorization: `Bearer ${process.env.LUCID_ACCESS_TOKEN}`, |
Template literal with variable interpolation in command context
| 81 | console.log(`New doc: "${data.title}" by ${data.creatorId} in ${data.folderId}`); |
Template literal with variable interpolation in command context
| 84 | console.log(`Doc updated: ${data.documentId}, pages: ${data.pageCount}`); |
Template literal with variable interpolation in command context
| 87 | console.log(`Doc shared: ${data.documentId} → ${data.recipientEmail} (${data.permission})`); |
Template literal with variable interpolation in command context
| 90 | console.log(`Shape: ${data.shapeType} on page ${data.pageId} of doc ${data.documentId}`); |
Template literal with variable interpolation in command context
| 93 | console.log(`${data.userId} joined doc ${data.documentId} as ${data.role}`); |
Template literal with variable interpolation in command context
| 96 | console.warn(`Unhandled event: ${eventType}`); |
Webhook reference - potential data exfiltration
| 2 | name: lucidchart-webhooks-events |
Webhook reference - potential data exfiltration
| 3 | description: 'Webhooks Events for Lucidchart. |
Webhook reference - potential data exfiltration
| 5 | Trigger: "lucidchart webhooks events". |
Webhook reference - potential data exfiltration
| 18 | # Lucidchart Webhooks & Events |
Webhook reference - potential data exfiltration
| 22 | Lucidchart delivers real-time webhook notifications when documents, shapes, and collaboration states change across your organization's diagramming workspace. These events power integrations such as au |
Webhook reference - potential data exfiltration
| 27 | - Webhook endpoint URL accessible over HTTPS (TLS 1.2+) |
Webhook reference - potential data exfiltration
| 28 | - Webhook signing secret from the Lucid app settings (`LUCID_WEBHOOK_SECRET`) |
Webhook reference - potential data exfiltration
| 31 | ## Webhook Registration |
Webhook reference - potential data exfiltration
| 37 | "https://api.lucid.co/v1/webhooks", |
Webhook reference - potential data exfiltration
| 39 | callbackUrl: "https://your-app.com/webhooks/lucidchart", |
Webhook reference - potential data exfiltration
| 47 | console.log("Webhook ID:", res.data.webhookId); |
Webhook reference - potential data exfiltration
| 62 | .createHmac("sha256", process.env.LUCID_WEBHOOK_SECRET!) |
Webhook reference - potential data exfiltration
| 76 | app.post("/webhooks/lucidchart", verifyLucidSignature, (req, res) => { |
Webhook reference - potential data exfiltration
| 127 | // After 3 consecutive failures the webhook is marked inactive and must be re-enabled via API. |
Webhook reference - potential data exfiltration
| 134 | | 403 on signature check | Signing secret regenerated in Lucid dashboard | Update `LUCID_WEBHOOK_SECRET` and redeploy | |
Webhook reference - potential data exfiltration
| 135 | | Events arrive for wrong account | Webhook scope set to `user` instead of `account` | Re-register with `"scope": "account"` | |
Webhook reference - potential data exfiltration
| 137 | | Webhook marked inactive | Endpoint returned errors for 3 retries | Fix endpoint, then PATCH webhook status to `active` | |
Access to .env file
| 44 | { headers: { Authorization: `Bearer ${process.env.LUCID_ACCESS_TOKEN}`, |
Access to .env file
| 62 | .createHmac("sha256", process.env.LUCID_WEBHOOK_SECRET!) |
Buffer.from base64 decode
| 66 | if (!crypto.timingSafeEqual(Buffer.from(signature, "base64"), Buffer.from(expected, "base64"))) { |
External URL reference
| 37 | "https://api.lucid.co/v1/webhooks", |
External URL reference
| 39 | callbackUrl: "https://your-app.com/webhooks/lucidchart", |