Skip to main content

github-webhooks

Facilitates the setup and verification of GitHub webhooks for handling repository events like pushes and pull requests.

Install this skill

or
0/100

Security score

The github-webhooks skill was audited on Feb 12, 2026 and we found 39 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 73

Template literal with variable interpolation in command context

SourceSKILL.md
73console.log(`Received ${event} (delivery: ${delivery})`);
medium line 78

Template literal with variable interpolation in command context

SourceSKILL.md
78console.log(`Push to ${payload.ref}:`, payload.head_commit?.message);
medium line 81

Template literal with variable interpolation in command context

SourceSKILL.md
81console.log(`PR #${payload.number} ${payload.action}:`, payload.pull_request?.title);
medium line 84

Template literal with variable interpolation in command context

SourceSKILL.md
84console.log(`Issue #${payload.issue?.number} ${payload.action}:`, payload.issue?.title);
medium line 2

Webhook reference - potential data exfiltration

SourceSKILL.md
2name: github-webhooks
medium line 4

Webhook reference - potential data exfiltration

SourceSKILL.md
4Receive and verify GitHub webhooks. Use when setting up GitHub webhook
medium line 11

Webhook reference - potential data exfiltration

SourceSKILL.md
11repository: https://github.com/hookdeck/webhook-skills
medium line 14

Webhook reference - potential data exfiltration

SourceSKILL.md
14# GitHub Webhooks
medium line 18

Webhook reference - potential data exfiltration

SourceSKILL.md
18- Setting up GitHub webhook handlers
low line 30

Webhook reference - potential data exfiltration

SourceSKILL.md
30function verifyGitHubWebhook(rawBody, signatureHeader, secret) {
medium line 50

Webhook reference - potential data exfiltration

SourceSKILL.md
50### Express Webhook Handler
low line 57

Webhook reference - potential data exfiltration

SourceSKILL.md
57app.post('/webhooks/github',
low line 65

Webhook reference - potential data exfiltration

SourceSKILL.md
65if (!verifyGitHubWebhook(req.body, signature, process.env.GITHUB_WEBHOOK_SECRET)) {
low line 104

Webhook reference - potential data exfiltration

SourceSKILL.md
104def verify_github_webhook(raw_body: bytes, signature_header: str, secret: str) -> bool:
medium line 134

Webhook reference - potential data exfiltration

SourceSKILL.md
134| `ping` | Test event when webhook created |
medium line 136

Webhook reference - potential data exfiltration

SourceSKILL.md
136> **For full event reference**, see [GitHub Webhook Events](https://docs.github.com/en/webhooks/webhook-events-and-payloads)
low line 149

Webhook reference - potential data exfiltration

SourceSKILL.md
149GITHUB_WEBHOOK_SECRET=your_webhook_secret # Set when creating webhook in GitHub
low line 155

Webhook reference - potential data exfiltration

SourceSKILL.md
155# Install Hookdeck CLI for local webhook testing
low line 159

Webhook reference - potential data exfiltration

SourceSKILL.md
159hookdeck listen 3000 --path /webhooks/github
medium line 164

Webhook reference - potential data exfiltration

SourceSKILL.md
164- [references/overview.md](references/overview.md) - GitHub webhook concepts
low line 173

Webhook reference - potential data exfiltration

SourceSKILL.md
173// Generated with: github-webhooks skill
low line 174

Webhook reference - potential data exfiltration

SourceSKILL.md
174// https://github.com/hookdeck/webhook-skills
medium line 177

Webhook reference - potential data exfiltration

SourceSKILL.md
177## Recommended: webhook-handler-patterns
medium line 179

Webhook reference - potential data exfiltration

SourceSKILL.md
179We recommend installing the [webhook-handler-patterns](https://github.com/hookdeck/webhook-skills/tree/main/skills/webhook-handler-patterns) skill alongside this one for handler sequence, idempotency,
medium line 181

Webhook reference - potential data exfiltration

SourceSKILL.md
181- [Handler sequence](https://github.com/hookdeck/webhook-skills/blob/main/skills/webhook-handler-patterns/references/handler-sequence.md) — Verify first, parse second, handle idempotently third
medium line 182

Webhook reference - potential data exfiltration

SourceSKILL.md
182- [Idempotency](https://github.com/hookdeck/webhook-skills/blob/main/skills/webhook-handler-patterns/references/idempotency.md) — Prevent duplicate processing
medium line 183

Webhook reference - potential data exfiltration

SourceSKILL.md
183- [Error handling](https://github.com/hookdeck/webhook-skills/blob/main/skills/webhook-handler-patterns/references/error-handling.md) — Return codes, logging, dead letter queues
medium line 184

Webhook reference - potential data exfiltration

SourceSKILL.md
184- [Retry logic](https://github.com/hookdeck/webhook-skills/blob/main/skills/webhook-handler-patterns/references/retry-logic.md) — Provider retry schedules, backoff patterns
medium line 188

Webhook reference - potential data exfiltration

SourceSKILL.md
188- [stripe-webhooks](https://github.com/hookdeck/webhook-skills/tree/main/skills/stripe-webhooks) - Stripe payment webhook handling
medium line 189

Webhook reference - potential data exfiltration

SourceSKILL.md
189- [shopify-webhooks](https://github.com/hookdeck/webhook-skills/tree/main/skills/shopify-webhooks) - Shopify e-commerce webhook handling
medium line 190

Webhook reference - potential data exfiltration

SourceSKILL.md
190- [resend-webhooks](https://github.com/hookdeck/webhook-skills/tree/main/skills/resend-webhooks) - Resend email webhook handling
medium line 191

Webhook reference - potential data exfiltration

SourceSKILL.md
191- [chargebee-webhooks](https://github.com/hookdeck/webhook-skills/tree/main/skills/chargebee-webhooks) - Chargebee billing webhook handling
medium line 192

Webhook reference - potential data exfiltration

SourceSKILL.md
192- [clerk-webhooks](https://github.com/hookdeck/webhook-skills/tree/main/skills/clerk-webhooks) - Clerk auth webhook handling
medium line 193

Webhook reference - potential data exfiltration

SourceSKILL.md
193- [elevenlabs-webhooks](https://github.com/hookdeck/webhook-skills/tree/main/skills/elevenlabs-webhooks) - ElevenLabs webhook handling
medium line 194

Webhook reference - potential data exfiltration

SourceSKILL.md
194- [openai-webhooks](https://github.com/hookdeck/webhook-skills/tree/main/skills/openai-webhooks) - OpenAI webhook handling
medium line 195

Webhook reference - potential data exfiltration

SourceSKILL.md
195- [paddle-webhooks](https://github.com/hookdeck/webhook-skills/tree/main/skills/paddle-webhooks) - Paddle billing webhook handling
medium line 196

Webhook reference - potential data exfiltration

SourceSKILL.md
196- [webhook-handler-patterns](https://github.com/hookdeck/webhook-skills/tree/main/skills/webhook-handler-patterns) - Handler sequence, idempotency, error handling, retry logic
medium line 197

Webhook reference - potential data exfiltration

SourceSKILL.md
197- [hookdeck-event-gateway](https://github.com/hookdeck/webhook-skills/tree/main/skills/hookdeck-event-gateway) - Production webhook infrastructure (routing, replay, monitoring)
low line 65

Access to .env file

SourceSKILL.md
65if (!verifyGitHubWebhook(req.body, signature, process.env.GITHUB_WEBHOOK_SECRET)) {
Scanned on Feb 12, 2026
View Security Dashboard
Installation guide →
GitHub Stars 106
Rate this skill
Categorydevelopment
UpdatedMay 21, 2026
openclawapibackend-developerdevops-sredata-engineergithubdevelopment
majiayu000/claude-skill-registry