shopify-webhooks

Receive and verify Shopify webhooks. Use when setting up Shopify webhook handlers, debugging signature verification, or handling store events like orders/create, products/update, or customers/create.

Quality

77%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Advisory

Suggest reviewing before use

Fix and improve this skill with Tessl

tessl review fix ./skills/shopify-webhooks/SKILL.md

Quality

Content

64%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill excels at its core purpose—providing executable webhook verification code in two languages with important Shopify-specific details (base64 encoding, timing-safe comparison, 5-second timeout). However, it suffers from bloat in the Related Skills and Recommended sections, which consume significant tokens without adding proportional value. The workflow could be improved with an explicit setup sequence rather than just verification code plus scattered tips.

Suggestions

Trim the Related Skills section to 2-3 most relevant skills or remove entirely—Claude can discover these from other context

Add a brief numbered workflow for the full setup process: register webhook → configure endpoint → verify signature → dispatch events → respond 200

Remove the Attribution section—this is boilerplate that doesn't help Claude perform the task

Consolidate the 'Recommended: webhook-handler-patterns' section into a single reference line rather than listing 4 sub-references

Dimension	Reasoning	Score
Conciseness	The core verification section is lean and efficient, but the Related Skills section is excessively long (10 items with full URLs), the Attribution section is unnecessary boilerplate, and the Recommended skill section repeats information. The event types table is useful but could be trimmed given Claude's existing knowledge of Shopify.	2 / 3
Actionability	Provides fully executable verification code in both Node and Python, specific environment variable names, a concrete local development command, and a clear event types reference table. The code is copy-paste ready and includes important details like base64 encoding and timing-safe comparison.	3 / 3
Workflow Clarity	The verification flow is clear but there's no explicit step-by-step workflow for setting up a complete webhook handler. The skill mentions responding within 5 seconds and processing asynchronously but doesn't provide a sequenced workflow with validation checkpoints for the overall setup process (e.g., register webhook → set up endpoint → verify → handle events).	2 / 3
Progressive Disclosure	References to examples/ directories and references/ files are well-signaled, but no bundle files were provided to verify these exist. The Related Skills section is overly long and could be a simple list. The mix of internal references (references/overview.md) and external GitHub links creates inconsistency in navigation patterns.	2 / 3
	Total	9 / 12 Passed

Description

89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong skill description that clearly defines its scope around Shopify webhook handling and provides explicit 'Use when' triggers with natural keywords including specific event names. The main weakness is that the 'what' portion could list more concrete actions beyond just 'receive and verify' to better convey the full range of capabilities.

Dimension	Reasoning	Score
Specificity	Names the domain (Shopify webhooks) and two actions (receive and verify), but doesn't list more comprehensive capabilities like parsing payloads, responding with status codes, or configuring webhook subscriptions.	2 / 3
Completeness	Clearly answers both what ('Receive and verify Shopify webhooks') and when ('Use when setting up Shopify webhook handlers, debugging signature verification, or handling store events...') with explicit trigger guidance.	3 / 3
Trigger Term Quality	Excellent coverage of natural trigger terms: 'Shopify webhooks', 'webhook handlers', 'signature verification', and specific event names like 'orders/create', 'products/update', 'customers/create' that users would naturally mention.	3 / 3
Distinctiveness Conflict Risk	Highly distinctive with a clear niche — Shopify webhooks specifically, with concrete event types. Unlikely to conflict with general API skills or other e-commerce skills due to the specificity of 'Shopify', 'webhook', and 'signature verification'.	3 / 3
	Total	11 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: hookdeck/webhook-skills
Commit: da37fc7

Reviewed: 18 days ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.