CtrlK
BlogDocsLog inGet started
Tessl Logo

webhook-signature-validator

Webhook Signature Validator - Auto-activating skill for API Integration. Triggers on: webhook signature validator, webhook signature validator Part of the API Integration skill category.

36

1.00x
Quality

3%

Does it follow best practices?

Impact

100%

1.00x

Average score across 3 eval scenarios

SecuritybySnyk

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/16-api-integration/webhook-signature-validator/SKILL.md
SKILL.md
Quality
Evals
Security

Evaluation results

100%

GitHub Webhook Receiver for CI/CD Pipeline Triggers

GitHub webhook signature validation

Criteria
Without context
With context

HMAC-SHA256 algorithm

100%

100%

Timing-safe comparison

100%

100%

Raw body for signing

100%

100%

GitHub header name

100%

100%

sha256= prefix handling

100%

100%

401/403 on invalid signature

100%

100%

Missing header handling

100%

100%

Secret not logged

100%

100%

Configurable secret

100%

100%

Step-by-step structure

100%

100%

200 on success

100%

100%

100%

Stripe Payment Event Processor

Stripe SDK webhook validation

Criteria
Without context
With context

Official Stripe SDK

100%

100%

constructEvent method

100%

100%

Raw body passed to SDK

100%

100%

Stripe-Signature header

100%

100%

SignatureVerificationError caught

100%

100%

400 on invalid signature

100%

100%

200 on success

100%

100%

Webhook secret via env var

100%

100%

Step-by-step validation flow

100%

100%

Timestamp tolerance note

100%

100%

Production-ready error handling

100%

100%

100%

Unified Webhook Security Middleware

Multi-provider webhook validation library

Criteria
Without context
With context

HMAC-SHA256 for GitHub

100%

100%

Timing-safe comparison

100%

100%

Raw body signing

100%

100%

Multiple provider support

100%

100%

Integration pattern

100%

100%

GitHub header X-Hub-Signature-256

100%

100%

Configurable secrets

100%

100%

Invalid request rejected

100%

100%

Security documentation

100%

100%

Production-ready error handling

100%

100%

Step-by-step validation steps

100%

100%

Repository
jeremylongshore/claude-code-plugins-plus-skills
Commit

b8a3b3e

Evaluated
Agent
Claude Code
Model
Claude Sonnet 4.6

Table of Contents

GitHub Webhook Receiver for CI/CD Pipeline TriggersStripe Payment Event ProcessorUnified Webhook Security Middleware

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill