Content
64%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides highly actionable, executable webhook handler code for OpenAI in two languages with proper security practices (timing-safe comparison, replay attack prevention, raw body parsing). Its main weaknesses are verbosity—two full implementations inline plus duplicated event information and a long related skills list—and a lack of an explicit end-to-end setup workflow with verification checkpoints.
Suggestions
Add an explicit numbered setup workflow: register webhook in OpenAI dashboard → set environment variables → start server → test with local tunnel → verify signature works, with a checkpoint to confirm events are received.
Move one of the two full implementations (Express or FastAPI) to a referenced example file to reduce inline token usage, keeping only the primary implementation and a brief pointer to the alternative.
Trim the 'Related Skills' section to 2-3 most relevant skills or move it to a separate references file to reduce token overhead.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The core code examples are useful but the skill is quite long. The extensive 'Related Skills' section listing 10 other skills and the 'Recommended' section with external GitHub links add significant token overhead. The switch statement with many similar cases could be condensed. The event types table partially duplicates what's already in the switch statement. | 2 / 3 |
Actionability | Provides fully executable, copy-paste ready code in both JavaScript (Express) and Python (FastAPI) with complete signature verification implementations, proper header extraction, timing-safe comparison, and event handling. Environment variables and local development commands are concrete and specific. | 3 / 3 |
Workflow Clarity | The code itself follows a clear verify-then-parse-then-handle sequence, and includes timestamp validation and replay attack prevention. However, there's no explicit step-by-step setup workflow (e.g., 1. Register webhook in dashboard, 2. Set env vars, 3. Start server, 4. Test with tunnel). The local development section is a single command with no verification step to confirm the webhook is working. | 2 / 3 |
Progressive Disclosure | References to examples/ directories and references/ files are well-signaled, but no bundle files were provided, so we can't verify they exist. The main SKILL.md inlines two complete implementations (~150 lines of code) that could arguably be in separate example files, with just the verification function or a shorter snippet in the overview. The 'Related Skills' and 'Recommended' sections add bulk that could be in a separate file. | 2 / 3 |
Total | 9 / 12 Passed |