hootsuite-webhooks-events
Facilitates secure handling of Hootsuite webhook events and signature validation for social media integrations.
Install this skill
Security score
The hootsuite-webhooks-events skill was audited on May 27, 2026 and we found 25 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 39 | const response = await fetch(`https://platform.hootsuite.com/v1/messages/${messageId}`, { |
Template literal with variable interpolation in command context
| 40 | headers: { 'Authorization': `Bearer ${await getStoredToken()}` }, |
Template literal with variable interpolation in command context
| 45 | console.log(`Message ${messageId} sent at ${data.sentAt}`); |
Template literal with variable interpolation in command context
| 48 | console.error(`Message ${messageId} failed: ${data.state}`); |
Template literal with variable interpolation in command context
| 52 | console.log(`Message ${messageId}: ${data.state}, checking again...`); |
Template literal with variable interpolation in command context
| 73 | headers: { 'Authorization': `Bearer ${await getStoredToken()}` }, |
Fetch to external URL
| 72 | const response = await fetch('https://platform.hootsuite.com/v1/messages?state=SENT&limit=50', { |
Webhook reference - potential data exfiltration
| 2 | name: hootsuite-webhooks-events |
Webhook reference - potential data exfiltration
| 3 | description: 'Implement Hootsuite webhook signature validation and event handling. |
Webhook reference - potential data exfiltration
| 5 | Use when setting up webhook endpoints, implementing signature verification, |
Webhook reference - potential data exfiltration
| 9 | Trigger with phrases like "hootsuite webhook", "hootsuite events", |
Webhook reference - potential data exfiltration
| 11 | "hootsuite webhook signature", "handle hootsuite events", "hootsuite notifications". |
Webhook reference - potential data exfiltration
| 24 | # Hootsuite Webhooks & Events |
Webhook reference - potential data exfiltration
| 28 | Hootsuite provides webhook notifications for social stream events when building Hootsuite App Directory integrations. For API-only integrations, you poll for message state changes or implement your ow |
Webhook reference - potential data exfiltration
| 35 | // Since Hootsuite REST API doesn't push webhooks for message status, |
Webhook reference - potential data exfiltration
| 61 | ### Step 2: Build Custom Scheduling Webhook |
Webhook reference - potential data exfiltration
| 64 | // Your own webhook system to track scheduled post status |
Webhook reference - potential data exfiltration
| 70 | // Cron job checks scheduled posts and fires webhooks |
Webhook reference - potential data exfiltration
| 79 | await fetch(process.env.INTERNAL_WEBHOOK_URL!, { |
Webhook reference - potential data exfiltration
| 88 | ### Step 3: Hootsuite App Directory Webhooks |
Webhook reference - potential data exfiltration
| 93 | // Webhook handler for Hootsuite App Directory integration |
Webhook reference - potential data exfiltration
| 94 | app.post('/webhooks/hootsuite', async (req, res) => { |
Access to .env file
| 79 | await fetch(process.env.INTERNAL_WEBHOOK_URL!, { |
External URL reference
| 39 | const response = await fetch(`https://platform.hootsuite.com/v1/messages/${messageId}`, { |
External URL reference
| 72 | const response = await fetch('https://platform.hootsuite.com/v1/messages?state=SENT&limit=50', { |