creating-webhook-handlers
Create webhook endpoints with signature verification, retry logic, and payload validation. Use when receiving and processing webhook events. Trigger with phrases like "create webhook", "handle webhook events", or "setup webhook handler".
78
75%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/api-development/webhook-handler-creator/skills/creating-webhook-handlers/SKILL.mdQuality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that clearly communicates specific capabilities (endpoint creation, signature verification, retry logic, payload validation), provides explicit 'Use when' guidance, and includes natural trigger phrases. It follows the third-person voice convention and is concise without being vague. The only minor improvement could be mentioning specific webhook providers or file types, but the description is strong as-is.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'Create webhook endpoints', 'signature verification', 'retry logic', and 'payload validation'. These are distinct, concrete capabilities. | 3 / 3 |
Completeness | Clearly answers both 'what' (create webhook endpoints with signature verification, retry logic, payload validation) and 'when' (explicit 'Use when receiving and processing webhook events' plus trigger phrases). Both are explicit and well-defined. | 3 / 3 |
Trigger Term Quality | Includes natural trigger phrases users would say: 'create webhook', 'handle webhook events', 'setup webhook handler', plus terms like 'webhook endpoints', 'signature verification'. Good coverage of how users would naturally phrase webhook-related requests. | 3 / 3 |
Distinctiveness Conflict Risk | Webhook handling is a clear niche with distinct triggers. The specificity around webhooks, signature verification, and retry logic makes it unlikely to conflict with general API or HTTP skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
50%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides a well-organized overview of webhook handler creation with good structural elements (error table, output listing, clear steps), but falls short on actionability due to the complete absence of executable code — everything concrete is deferred to referenced files that don't exist. The workflow is logical but lacks validation checkpoints appropriate for security-sensitive operations like signature verification.
Suggestions
Add at least one executable code example for HMAC signature verification (the core security operation) directly in the skill body rather than deferring all code to missing reference files.
Include a validation checkpoint after step 3 (signature verification) such as 'Test with a known payload and signature before proceeding to ensure the signing secret is correctly configured.'
Either provide the referenced bundle files (implementation.md, errors.md, examples.md) or inline the most critical content — currently all actionable detail is behind dead references.
Convert the Examples section from narrative descriptions to concrete code snippets showing at least the Stripe signature verification pattern with actual function calls.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is reasonably well-structured but includes some unnecessary verbosity. The Overview section restates what the description already covers, the Prerequisites section explains things Claude would know (e.g., what ngrok is for), and the Examples section describes scenarios narratively rather than providing executable code. Some tightening is possible. | 2 / 3 |
Actionability | The instructions provide a clear sequence of what to do and mention specific headers and patterns (HMAC-SHA256, specific header names, event ID formats), but there is no executable code anywhere in the skill body. All concrete implementation is deferred to a referenced implementation.md that doesn't exist in the bundle. The examples are descriptive prose rather than copy-paste ready code. | 2 / 3 |
Workflow Clarity | The 8-step workflow is clearly sequenced and covers the full lifecycle from route creation through testing. However, there are no explicit validation checkpoints or feedback loops — step 8 mentions tests but there's no 'validate before proceeding' gate between critical steps like signature verification setup and deployment. For a security-sensitive operation, missing intermediate validation caps this at 2. | 2 / 3 |
Progressive Disclosure | The skill references three external files (implementation.md, errors.md, examples.md) with clear signaling, which is good structure. However, none of these bundle files actually exist, making the references dead links. The error handling table is appropriately inline, but the lack of any actual bundle files means the progressive disclosure structure is aspirational rather than functional. | 2 / 3 |
Total | 8 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
3a2d27d
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.