How does this skill verify Intercom webhooks?

It provides standardized code patterns for validating the X-Hub-Signature header using HMAC-SHA1 and timing-safe comparisons to prevent spoofing and timing attacks.

Can this skill help if I accidentally leak an Intercom token?

Yes, the skill includes commands to scan your git history for leaked tokens and provides a step-by-step procedure for rotating secrets and revoking compromised credentials.

Does it provide guidance on OAuth permissions?

Yes, the skill includes a mapping of specific Intercom use cases to the minimum required OAuth scopes, helping you follow the principle of least privilege.

What is Intercom Identity Verification?

Identity Verification is a security measure that uses a server-side HMAC (user_hash) to ensure that the person using the Messenger is the actual authenticated user, preventing impersonation.

Intercom Security & Authentication

Name: Intercom Security & Authentication
Author: jeremylongshore

byjeremylongshore

•

2,028

•

Security & Testing

Implements security best practices for Intercom integrations, including webhook verification and identity protection.

The intercom-security-basics skill provides Claude Code with specialized knowledge for securing Intercom implementations. It streamlines the process of implementing X-Hub-Signature webhook validation, setting up Identity Verification (HMAC) to prevent user impersonation, and managing sensitive access tokens using environment variables. By enforcing least-privilege OAuth scopes and providing standardized rotation procedures, this skill ensures that Intercom-connected applications maintain a robust security posture while minimizing the risk of credential leakage.

Key Features

01Secure token storage and rotation workflows for production environments

022,028 GitHub stars

03Webhook signature verification (X-Hub-Signature) using HMAC-SHA1

04Automated git history scanning patterns for leaked Intercom secrets

05Identity Verification (user_hash) implementation to prevent impersonation

06Least-privilege OAuth scope configuration guidance

Use Cases

01Auditing and rotating Intercom access tokens and signing secrets safely

02Enabling Identity Verification to protect user data within the Intercom Messenger

03Verifying incoming Intercom webhooks to prevent spoofing and unauthorized data injection

Key Features

01Secure token storage and rotation workflows for production environments

022,028 GitHub stars

03Webhook signature verification (X-Hub-Signature) using HMAC-SHA1

04Automated git history scanning patterns for leaked Intercom secrets

05Identity Verification (user_hash) implementation to prevent impersonation

06Least-privilege OAuth scope configuration guidance

Use Cases

01Auditing and rotating Intercom access tokens and signing secrets safely

02Enabling Identity Verification to protect user data within the Intercom Messenger

03Verifying incoming Intercom webhooks to prevent spoofing and unauthorized data injection