github-webhooks

Receive and verify GitHub webhooks. Use when setting up GitHub webhook handlers, debugging signature verification, or handling repository events like push, pull_request, issues, or release.

Quality

77%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Advisory

Suggest reviewing before use

Fix and improve this skill with Tessl

tessl review fix ./skills/github-webhooks/SKILL.md

Quality

Content

64%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill excels at its core purpose—providing executable webhook signature verification code in two languages—but is weighed down by excessive cross-referencing to related skills and promotional content. The workflow for building a complete webhook handler is implicit rather than explicit, and the event types table adds little that Claude doesn't already know.

Suggestions

Remove or drastically shorten the 'Related Skills' section—listing 10 other skills is promotional padding that wastes tokens.

Add an explicit numbered workflow for building a complete webhook handler (e.g., 1. Set up route, 2. Verify signature, 3. Parse event type, 4. Dispatch handler, 5. Return 200 immediately), with validation checkpoints.

Trim the event types table to just the header names or remove it entirely—Claude knows what push and pull_request events are.

Dimension	Reasoning	Score
Conciseness	The core verification section is efficient and well-targeted, but the skill is padded with a long 'Related Skills' section listing 10 other skills, a 'Recommended' section with external links, and an attribution block that adds little value. The event types table explains things Claude already knows (e.g., 'Commits pushed to branch').	2 / 3
Actionability	Provides fully executable verification code in both Node.js and Python, with correct use of timing-safe comparison. The local development command is copy-paste ready, and the environment variable setup is concrete.	3 / 3
Workflow Clarity	The verification logic is clear as a single step, but there's no explicit workflow sequence for setting up a complete webhook handler (receive → verify → parse → dispatch → respond). The skill mentions handler sequence in the recommended skill but doesn't provide its own workflow with validation checkpoints.	2 / 3
Progressive Disclosure	References to examples/ directories and references/ files are well-signaled, but no bundle files were provided to verify these exist. The 'Related Skills' and 'Recommended' sections create noise and could be trimmed. The core content is reasonably structured but the bottom half becomes a link dump.	2 / 3
	Total	9 / 12 Passed

Description

89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a well-crafted description that clearly communicates its purpose and includes explicit trigger guidance. The trigger terms are natural and comprehensive, covering both the setup and debugging use cases. The only minor weakness is that the capability actions could be slightly more specific about what concrete operations are performed beyond 'receive and verify'.

Dimension	Reasoning	Score
Specificity	Names the domain (GitHub webhooks) and some actions ('receive', 'verify', 'debugging signature verification', 'handling repository events'), but doesn't list multiple concrete implementation actions like parsing payloads, validating HMAC signatures, or routing events to handlers.	2 / 3
Completeness	Clearly answers both 'what' (receive and verify GitHub webhooks) and 'when' with an explicit 'Use when...' clause covering setup, debugging, and handling specific event types.	3 / 3
Trigger Term Quality	Excellent coverage of natural terms users would say: 'GitHub webhooks', 'webhook handlers', 'signature verification', and specific event types like 'push', 'pull_request', 'issues', 'release'. These are terms users would naturally use when seeking this functionality.	3 / 3
Distinctiveness Conflict Risk	Very distinct niche focused specifically on GitHub webhook handling and signature verification. The specific event types and 'signature verification' terminology make it unlikely to conflict with general GitHub skills or generic webhook skills.	3 / 3
	Total	11 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: hookdeck/webhook-skills
Commit: da37fc7

Reviewed: 17 days ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.