CtrlK
BlogDocsLog inGet started
Tessl Logo

paddle-webhooks

Receive and verify Paddle webhooks in a Next.js Route Handler — signature verification, idempotency, retry semantics, and local testing.

87

1.13x
Quality

80%

Does it follow best practices?

Impact

99%

1.13x

Average score across 3 eval scenarios

SecuritybySnyk

Advisory

Suggest reviewing before use

Fix and improve this skill with Tessl

tessl review fix ./skills/webhooks/SKILL.md
SKILL.md
Quality
Evals
Security

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a high-quality, deeply actionable skill that provides executable code, clear workflows, and thorough verification steps for Paddle webhook integration. Its main weakness is verbosity — several concepts (single-catch rationale, idempotency, retry semantics) are explained multiple times across different sections, and the MCP conventions block adds significant length for a tangential concern. The content would benefit from trimming redundant explanations and splitting reference material into companion files.

Suggestions

Extract the MCP conventions block into a separate reference file (e.g., PADDLE_MCP.md) and link to it — it's useful but tangential to the core webhook skill and adds ~150 words of context.

Consolidate the repeated explanations of why a single catch with one non-2xx status is correct — it's explained in the code comments, in the paragraph after the code block, and again in Common Pitfalls. Keep one authoritative explanation.

Consider moving the 'Common pitfalls' section to a separate PITFALLS.md or trimming entries that restate guidance already given in the steps (e.g., 'Parsing the body before verification' and 'Slow handlers' are already covered inline).

DimensionReasoningScore

Conciseness

The skill is thorough and mostly well-targeted, but includes some redundant explanations — e.g., the lengthy paragraph re-explaining why a single catch is used (already covered in the code comments), the full MCP conventions block that's tangential to the core webhook skill, and repeated explanations of the same retry/idempotency concepts across multiple sections. Several points in 'Common pitfalls' restate what was already explained in Steps 3-5.

2 / 3

Actionability

Excellent actionability throughout: fully executable TypeScript code for the route handler, SDK initialization, event routing, idempotency patterns (both UPSERT and event-id ledger with SQL), concrete bash commands for ngrok and npm install, and specific environment variable names. The TODO placeholders in handlers are appropriate since they reference companion skills.

3 / 3

Workflow Clarity

The 6-step workflow is clearly sequenced from destination creation through handler implementation to verification. Step 7 ('Verify the integration') provides an explicit validation checklist including a deliberate failure test (tamper with secret, confirm non-2xx, restore and confirm retry succeeds). The feedback loop for error recovery is well-articulated through the retry semantics and the verification steps.

3 / 3

Progressive Disclosure

The skill references companion skills (subscription-sync, sandbox-testing, checkout-web, catalog-setup) and external docs well, but the content itself is quite long and monolithic. The MCP conventions block, the extended 'delivery contract' section, and the lengthy 'common pitfalls' section could be split into referenced files. Without bundle files, the inline content is heavier than ideal for a SKILL.md overview.

2 / 3

Total

10

/

12

Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a well-crafted description with strong specificity and excellent trigger terms that clearly identify the technology stack (Paddle, Next.js) and the specific capabilities (signature verification, idempotency, retry semantics, local testing). Its main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know exactly when to select this skill over others.

Suggestions

Add a 'Use when...' clause such as 'Use when the user needs to handle Paddle webhooks, set up payment event listeners, or integrate Paddle billing notifications in a Next.js application.'

DimensionReasoningScore

Specificity

Lists multiple specific concrete actions: 'signature verification, idempotency, retry semantics, and local testing' alongside the core action of receiving and verifying Paddle webhooks in a Next.js Route Handler.

3 / 3

Completeness

Clearly answers 'what does this do' (receive/verify Paddle webhooks with signature verification, idempotency, retry semantics, local testing), but lacks an explicit 'Use when...' clause or equivalent trigger guidance, which caps this at 2 per the rubric.

2 / 3

Trigger Term Quality

Includes strong natural keywords users would say: 'Paddle', 'webhooks', 'Next.js', 'Route Handler', 'signature verification', 'idempotency', 'retry', 'local testing'. These are terms a developer would naturally use when seeking help with this task.

3 / 3

Distinctiveness Conflict Risk

Highly distinctive — the combination of 'Paddle webhooks' + 'Next.js Route Handler' creates a very specific niche that is unlikely to conflict with other skills. The specific payment provider and framework narrow the scope considerably.

3 / 3

Total

11

/

12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository
PaddleHQ/paddle-agent-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.