coderabbit-fix

Implements focused fixes for CodeRabbit review issues, ensuring rigorous testing and verification for code quality.

78/100

Security score

The coderabbit-fix skill was audited on Feb 9, 2026 and we found 22 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

low line 41

Webhook reference - potential data exfiltration

Source: SKILL.md
41: - Is HMAC-SHA256 the right algorithm? (Yes, industry standard for webhooks)
low line 71

Webhook reference - potential data exfiltration

Source: SKILL.md
71: function verifyWebhookSignature(request) {
low line 73

Webhook reference - potential data exfiltration

Source: SKILL.md
73: if (!request.headers["x-webhook-signature"]) {
low line 74

Webhook reference - potential data exfiltration

Source: SKILL.md
74: logger.warn({ event: "signature_missing", webhook_id: request.id });
low line 79

Webhook reference - potential data exfiltration

Source: SKILL.md
79: logger.warn({ event: "body_empty", webhook_id: request.id });
low line 80

Webhook reference - potential data exfiltration

Source: SKILL.md
80: throw new BadRequestError("Empty webhook body");
low line 85

Webhook reference - potential data exfiltration

Source: SKILL.md
85: .createHmac("sha256", process.env.WEBHOOK_SECRET)
low line 89

Webhook reference - potential data exfiltration

Source: SKILL.md
89: const providedSignature = request.headers["x-webhook-signature"];
low line 95

Webhook reference - potential data exfiltration

Source: SKILL.md
95: webhook_id: request.id,
low line 99

Webhook reference - potential data exfiltration

Source: SKILL.md
99: throw new UnauthorizedError("Invalid webhook signature");
low line 148

Webhook reference - potential data exfiltration

Source: SKILL.md
148: npm test -- src/webhooks.test.ts
low line 188

Webhook reference - potential data exfiltration

Source: SKILL.md
188: "file": "src/webhooks.ts",
low line 191

Webhook reference - potential data exfiltration

Source: SKILL.md
191: "domain": "payment-webhook-security",
low line 196

Webhook reference - potential data exfiltration

Source: SKILL.md
196: "files_modified": ["src/webhooks.ts"]
low line 200

Webhook reference - potential data exfiltration

Source: SKILL.md
200: "Added HMAC-SHA256 signature verification at webhook handler entry",
low line 204

Webhook reference - potential data exfiltration

Source: SKILL.md
204: "Created verifyWebhookSignature() utility function"
low line 208

Webhook reference - potential data exfiltration

Source: SKILL.md
208: "algorithm": "HMAC-SHA256 is industry standard for webhook security (see RFC 6234)",
low line 216

Webhook reference - potential data exfiltration

Source: SKILL.md
216: "before": "function handleWebhook(req, res) { ... }",
low line 217

Webhook reference - potential data exfiltration

Source: SKILL.md
217: "after": "function handleWebhook(req, res) { verifyWebhookSignature(req); ... }"
low line 222

Webhook reference - potential data exfiltration

Source: SKILL.md
222: "webhook_security_tests": "8/8 passing",
low line 250

Webhook reference - potential data exfiltration

Source: SKILL.md
250: "notes": "Implementation includes defense-in-depth: signature + timing attack prevention + replay protection + detailed logging. Aligns with OWASP webhook security guidelines."
low line 85

Access to .env file

Source: SKILL.md
85: .createHmac("sha256", process.env.WEBHOOK_SECRET)
Scanned on Feb 9, 2026
GitHub Stars 106
Category: development
Updated: May 21, 2026
majiayu000/claude-skill-registry