AOI TOOLS / 032 · AGENT SECURITY
WEBHOOK CHECK
Your AI agent's webhook accepts a forged signature. Find out in one command.
curl -sO https://raw.githubusercontent.com/AOI-Future/agent-webhook-check/main/webhook_check.py && python3 webhook_check.py --demo A webhook is the callback that lets an outside system trigger an agent action — a refund, a deploy, a fund movement. If the signature check can be fooled, an attacker drives your agent's hands. webhook-check runs four executable checks against your verifier and prints PASS / FAIL. Exit code is 0 if every check passes, 1 if any fails — so you can drop it into CI.
WHAT IT CHECKS
Verifier is so strict it rejects genuine traffic — a broken control is not a secure one.
An old signature is accepted for a mutated payload — the signature never actually binds the body.
A too-short signature runs a hand-rolled loop off the end and raises IndexError — a forged header crashes the handler (denial of service).
`==` or a byte loop leaks the valid HMAC through response timing — an attacker recovers the signature one byte at a time.
The fix for both real defects is one line: hmac.compare_digest, behind a startswith("sha256=") / length guard. The tool ships two worked references — a deliberately broken verifier and a correct one — so --demo finds a real bug with zero setup.
AUDIT YOUR OWN VERIFIER
python3 webhook_check.py --verifier yourmodule:verify
Any callable verify(secret: bytes, body: bytes, header: str) -> bool. It must not raise
on malformed input; it must return False.
Read it, run it, share it. One file, no dependencies.
GET THE NEXT FREE CASE
This is one case from a larger map of the agent attack surface. Join the list for the next free check and a heads-up when the standards (MCP, EMA) move.
Powered by Substack — dispatch.aoifuture.com. No spam; unsubscribe any time.
Want the whole surface, and evidence you can defend?
This free tool covers one case and tells you PASS or FAIL. The full AI-Agent Security Verification Kit covers identity, tools, untrusted content, the MCP supply chain, and EMA — one command against your config — and seals each run into a single artifact (JSON + PDF) whose hash is countersigned by an RFC 3161 timestamp authority. Proof of what you tested and when. No secret leaves your machine — only a hash and a nonce.
The free book — AI Agent Security: A Field Manual — is out now, free, at leanpub.com/agent-security. The kit is publishing soon — join the list and I'll send the link at launch.
Explanation and a single check are free. Execution across the whole surface, and the signed proof, are the kit.