webhook-integration

Enables secure webhook systems for real-time integrations, ensuring reliable event-driven communication between services.

Install this skill

or

0/100

Security score

The webhook-integration skill was audited on Feb 12, 2026 and we found 115 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 98

Template literal with variable interpolation in command context

SourceSKILL.md

98	throw new Error(`Event type ${event.type} not subscribed`);

medium line 132

Template literal with variable interpolation in command context

SourceSKILL.md

132	`Webhook delivered successfully to ${endpoint.url} (attempt ${attempt + 1})`

medium line 148

Template literal with variable interpolation in command context

SourceSKILL.md

148	`Webhook delivery failed to ${endpoint.url} (attempt ${attempt + 1}):`,

medium line 160

Template literal with variable interpolation in command context

SourceSKILL.md

160	`Webhook delivery failed after ${this.maxRetries} attempts`

medium line 179

Template literal with variable interpolation in command context

SourceSKILL.md

179	console.error(`Failed to deliver to ${endpoint.url}:`, error);

medium line 371

Template literal with variable interpolation in command context

SourceSKILL.md

371	console.log(`Unknown event type: ${type}`);

medium line 428

Template literal with variable interpolation in command context

SourceSKILL.md

428	job.log(`Delivering webhook to ${endpoint.url}`);

medium line 443

Template literal with variable interpolation in command context

SourceSKILL.md

443	console.log(`Webhook delivered: ${job.id}`, result);

medium line 447

Template literal with variable interpolation in command context

SourceSKILL.md

447	console.error(`Webhook delivery failed: ${job?.id}`, err);

medium line 451

Template literal with variable interpolation in command context

SourceSKILL.md

451	console.warn(`Webhook delivery stalled: ${job.id}`);

medium line 464

Template literal with variable interpolation in command context

SourceSKILL.md

464	jobId: `${event.id}-${endpoint.url}`,

medium line 478

Template literal with variable interpolation in command context

SourceSKILL.md

478	jobId: `${event.id}-${endpoint.url}`

medium line 600

Template literal with variable interpolation in command context

SourceSKILL.md

600	console.log(`Webhook test server running on port ${port}`);

medium line 2

Webhook reference - potential data exfiltration

SourceSKILL.md

2	name: webhook-integration

medium line 3

Webhook reference - potential data exfiltration

SourceSKILL.md

3	description: Implement secure webhook systems for event-driven integrations, including signature verification, retry logic, and delivery guarantees. Use when building third-party integrations, event n

medium line 6

Webhook reference - potential data exfiltration

SourceSKILL.md

6	# Webhook Integration

medium line 10

Webhook reference - potential data exfiltration

SourceSKILL.md

10	Implement robust webhook systems for event-driven architectures, enabling real-time communication between services and third-party integrations.

medium line 23

Webhook reference - potential data exfiltration

SourceSKILL.md

23	## Webhook Architecture

low line 27

Webhook reference - potential data exfiltration

SourceSKILL.md

27	│ Event │────────▶│ Webhook │────────▶│ Consumer │

medium line 40

Webhook reference - potential data exfiltration

SourceSKILL.md

40	### 1. Webhook Sender (TypeScript)

low line 46

Webhook reference - potential data exfiltration

SourceSKILL.md

46	interface WebhookEvent {

low line 53

Webhook reference - potential data exfiltration

SourceSKILL.md

53	interface WebhookEndpoint {

low line 68

Webhook reference - potential data exfiltration

SourceSKILL.md

68	class WebhookSender {

low line 74

Webhook reference - potential data exfiltration

SourceSKILL.md

74	* Generate HMAC signature for webhook payload

low line 87

Webhook reference - potential data exfiltration

SourceSKILL.md

87	* Send webhook to endpoint

low line 90

Webhook reference - potential data exfiltration

SourceSKILL.md

90	endpoint: WebhookEndpoint,

low line 91

Webhook reference - potential data exfiltration

SourceSKILL.md

91	event: WebhookEvent

low line 113

Webhook reference - potential data exfiltration

SourceSKILL.md

113	'X-Webhook-Signature': signature,

low line 114

Webhook reference - potential data exfiltration

SourceSKILL.md

114	'X-Webhook-ID': event.id,

low line 115

Webhook reference - potential data exfiltration

SourceSKILL.md

115	'X-Webhook-Timestamp': event.timestamp.toString(),

low line 116

Webhook reference - potential data exfiltration

SourceSKILL.md

116	'User-Agent': 'WebhookService/1.0'

low line 132

Webhook reference - potential data exfiltration

SourceSKILL.md

132	`Webhook delivered successfully to ${endpoint.url} (attempt ${attempt + 1})`

low line 148

Webhook reference - potential data exfiltration

SourceSKILL.md

148	`Webhook delivery failed to ${endpoint.url} (attempt ${attempt + 1}):`,

low line 160

Webhook reference - potential data exfiltration

SourceSKILL.md

160	`Webhook delivery failed after ${this.maxRetries} attempts`

low line 165

Webhook reference - potential data exfiltration

SourceSKILL.md

165	* Batch send webhooks

low line 168

Webhook reference - potential data exfiltration

SourceSKILL.md

168	endpoints: WebhookEndpoint[],

low line 169

Webhook reference - potential data exfiltration

SourceSKILL.md

169	event: WebhookEvent

low line 193

Webhook reference - potential data exfiltration

SourceSKILL.md

193	const sender = new WebhookSender();

low line 195

Webhook reference - potential data exfiltration

SourceSKILL.md

195	const endpoint: WebhookEndpoint = {

low line 196

Webhook reference - potential data exfiltration

SourceSKILL.md

196	url: 'https://api.example.com/webhooks',

low line 197

Webhook reference - potential data exfiltration

SourceSKILL.md

197	secret: 'your-webhook-secret',

low line 202

Webhook reference - potential data exfiltration

SourceSKILL.md

202	const event: WebhookEvent = {

medium line 215

Webhook reference - potential data exfiltration

SourceSKILL.md

215	### 2. Webhook Receiver (Express)

low line 222

Webhook reference - potential data exfiltration

SourceSKILL.md

222	interface WebhookConfig {

low line 228

Webhook reference - potential data exfiltration

SourceSKILL.md

228	class WebhookReceiver {

low line 229

Webhook reference - potential data exfiltration

SourceSKILL.md

229	constructor(private config: WebhookConfig) {}

low line 232

Webhook reference - potential data exfiltration

SourceSKILL.md

232	* Verify webhook signature

low line 260

Webhook reference - potential data exfiltration

SourceSKILL.md

260	* Middleware for webhook verification

low line 271

Webhook reference - potential data exfiltration

SourceSKILL.md

271	req.headers['x-webhook-timestamp'] as string

low line 299

Webhook reference - potential data exfiltration

SourceSKILL.md

299	console.error('Webhook verification error:', error);

low line 318

Webhook reference - potential data exfiltration

SourceSKILL.md

318	const receiver = new WebhookReceiver({

low line 319

Webhook reference - potential data exfiltration

SourceSKILL.md

319	secret: process.env.WEBHOOK_SECRET!,

low line 320

Webhook reference - potential data exfiltration

SourceSKILL.md

320	signatureHeader: 'x-webhook-signature',

low line 324

Webhook reference - potential data exfiltration

SourceSKILL.md

324	// Webhook endpoint

low line 325

Webhook reference - potential data exfiltration

SourceSKILL.md

325	app.post('/webhooks',

low line 342

Webhook reference - potential data exfiltration

SourceSKILL.md

342	// Process webhook event

low line 343

Webhook reference - potential data exfiltration

SourceSKILL.md

343	await processWebhookEvent(type, data);

low line 354

Webhook reference - potential data exfiltration

SourceSKILL.md

354	console.error('Webhook processing error:', error);

low line 362

Webhook reference - potential data exfiltration

SourceSKILL.md

362	async function processWebhookEvent(type: string, data: any): Promise<void> {

low line 388

Webhook reference - potential data exfiltration

SourceSKILL.md

388	console.log('Webhook receiver listening on port 3000');

medium line 392

Webhook reference - potential data exfiltration

SourceSKILL.md

392	### 3. Webhook Queue with Bull

low line 398

Webhook reference - potential data exfiltration

SourceSKILL.md

398	interface WebhookJob {

low line 399

Webhook reference - potential data exfiltration

SourceSKILL.md

399	endpoint: WebhookEndpoint;

low line 400

Webhook reference - potential data exfiltration

SourceSKILL.md

400	event: WebhookEvent;

low line 403

Webhook reference - potential data exfiltration

SourceSKILL.md

403	class WebhookQueue {

low line 404

Webhook reference - potential data exfiltration

SourceSKILL.md

404	private queue: Queue.Queue<WebhookJob>;

low line 407

Webhook reference - potential data exfiltration

SourceSKILL.md

407	this.queue = new Queue('webhooks', redisUrl, {

low line 424

Webhook reference - potential data exfiltration

SourceSKILL.md

424	// Process webhook deliveries

low line 428

Webhook reference - potential data exfiltration

SourceSKILL.md

428	job.log(`Delivering webhook to ${endpoint.url}`);

low line 430

Webhook reference - potential data exfiltration

SourceSKILL.md

430	const sender = new WebhookSender();

low line 443

Webhook reference - potential data exfiltration

SourceSKILL.md

443	console.log(`Webhook delivered: ${job.id}`, result);

low line 447

Webhook reference - potential data exfiltration

SourceSKILL.md

447	console.error(`Webhook delivery failed: ${job?.id}`, err);

low line 451

Webhook reference - potential data exfiltration

SourceSKILL.md

451	console.warn(`Webhook delivery stalled: ${job.id}`);

low line 456

Webhook reference - potential data exfiltration

SourceSKILL.md

456	endpoint: WebhookEndpoint,

low line 457

Webhook reference - potential data exfiltration

SourceSKILL.md

457	event: WebhookEvent,

low line 459

Webhook reference - potential data exfiltration

SourceSKILL.md

459	): Promise<Queue.Job<WebhookJob>> {

low line 471

Webhook reference - potential data exfiltration

SourceSKILL.md

471	endpoints: WebhookEndpoint[],

low line 472

Webhook reference - potential data exfiltration

SourceSKILL.md

472	event: WebhookEvent

low line 473

Webhook reference - potential data exfiltration

SourceSKILL.md

473	): Promise<Queue.Job<WebhookJob>[]> {

low line 523

Webhook reference - potential data exfiltration

SourceSKILL.md

523	const webhookQueue = new WebhookQueue('redis://localhost:6379');

low line 525

Webhook reference - potential data exfiltration

SourceSKILL.md

525	// Enqueue single webhook

low line 526

Webhook reference - potential data exfiltration

SourceSKILL.md

526	await webhookQueue.enqueue(endpoint, event, {

low line 532

Webhook reference - potential data exfiltration

SourceSKILL.md

532	await webhookQueue.enqueueBatch(endpoints, event);

low line 535

Webhook reference - potential data exfiltration

SourceSKILL.md

535	const status = await webhookQueue.getJobStatus('job-id');

medium line 539

Webhook reference - potential data exfiltration

SourceSKILL.md

539	### 4. Webhook Testing Utilities

low line 545

Webhook reference - potential data exfiltration

SourceSKILL.md

545	class WebhookTester {

low line 547

Webhook reference - potential data exfiltration

SourceSKILL.md

547	private receivedEvents: WebhookEvent[] = [];

low line 557

Webhook reference - potential data exfiltration

SourceSKILL.md

557	this.app.post('/test-webhook', (req, res) => {

low line 561

Webhook reference - potential data exfiltration

SourceSKILL.md

561	const signature = req.headers['x-webhook-signature'] as string;

low line 569

Webhook reference - potential data exfiltration

SourceSKILL.md

569	console.log('Received webhook:', event);

low line 579

Webhook reference - potential data exfiltration

SourceSKILL.md

579	this.app.post('/test-webhook/fail', (req, res) => {

low line 600

Webhook reference - potential data exfiltration

SourceSKILL.md

600	console.log(`Webhook test server running on port ${port}`);

low line 604

Webhook reference - potential data exfiltration

SourceSKILL.md

604	getReceivedEvents(): WebhookEvent[] {

low line 613

Webhook reference - potential data exfiltration

SourceSKILL.md

613	* Create mock webhook event

low line 615

Webhook reference - potential data exfiltration

SourceSKILL.md

615	static createMockEvent(type: string, data: any): WebhookEvent {

low line 626

Webhook reference - potential data exfiltration

SourceSKILL.md

626	const tester = new WebhookTester();

low line 629

Webhook reference - potential data exfiltration

SourceSKILL.md

629	// Send test webhook

low line 630

Webhook reference - potential data exfiltration

SourceSKILL.md

630	const mockEvent = WebhookTester.createMockEvent('user.created', {

low line 635

Webhook reference - potential data exfiltration

SourceSKILL.md

635	const sender = new WebhookSender();

low line 638

Webhook reference - potential data exfiltration

SourceSKILL.md

638	url: 'http://localhost:3001/test-webhook',

medium line 661

Webhook reference - potential data exfiltration

SourceSKILL.md

661	- Provide webhook testing tools

medium line 662

Webhook reference - potential data exfiltration

SourceSKILL.md

662	- Document webhook payload schemas

medium line 663

Webhook reference - potential data exfiltration

SourceSKILL.md

663	- Implement webhook management UI

medium line 665

Webhook reference - potential data exfiltration

SourceSKILL.md

665	- Support webhook versioning

medium line 668

Webhook reference - potential data exfiltration

SourceSKILL.md

668	- Send sensitive data in webhooks

medium line 673

Webhook reference - potential data exfiltration

SourceSKILL.md

673	- Send webhooks to localhost (in production)

medium line 684

Webhook reference - potential data exfiltration

SourceSKILL.md

684	- [ ] Validate webhook URLs

medium line 692

Webhook reference - potential data exfiltration

SourceSKILL.md

692	- [Stripe Webhooks Guide](https://stripe.com/docs/webhooks)

medium line 693

Webhook reference - potential data exfiltration

SourceSKILL.md

693	- [GitHub Webhooks](https://docs.github.com/en/developers/webhooks-and-events/webhooks)

medium line 694

Webhook reference - potential data exfiltration

SourceSKILL.md

694	- [Webhook Best Practices](https://webhooks.fyi/)

low line 319

Access to .env file

SourceSKILL.md

319	secret: process.env.WEBHOOK_SECRET!,

low line 196

External URL reference

SourceSKILL.md

196	url: 'https://api.example.com/webhooks',

low line 638

External URL reference

SourceSKILL.md

638	url: 'http://localhost:3001/test-webhook',

low line 692

External URL reference

SourceSKILL.md

692	- [Stripe Webhooks Guide](https://stripe.com/docs/webhooks)

low line 694

External URL reference

SourceSKILL.md

694	- [Webhook Best Practices](https://webhooks.fyi/)

Scanned on Feb 12, 2026

View Security Dashboard

Installation guide →

GitHub Stars 55

Rate this skill

Categorydevelopment

UpdatedMay 21, 2026

openclaw api backend backend-developer devops-sre growth-marketer stripe github development marketing

NeverSight/skills_feed