Intercom MCP (Webhook Forgery)
v0.1.7
Verified
Intercom messaging integration. WARNING: Missing webhook signature verification allows forgery attacks.
By CommunityMIT
typescript
communication
580stars
14.5Kdownloads
78forks
Scanned Feb 8, 2026
D40%
Scanned 3w ago
Poor Security
Vulnerabilities Found
2Crit
2High
3Med
3Low
4Info
Security ScoreD
40
out of 100
Vulnerabilities Found
2
Crit
2
High
3
Medi
3
Low
4
Info
Last scanned: 2/8/2026
Quality ScoreF
48
out of 100
48
Maint.
45
Popular
48
Docs
51
Compat
Maintenance48%
Popularity45%
Documentation48%
Compatibility51%
Maintenance48
Recent
8 days agoCommit Frequency43%
Release Frequency49%
Issue Response50%
Popularity45
580
Stars
14.5K
Downloads
78
Forks
Stars Score52%
Downloads Score57%
Forks Score53%
Documentation48
README Quality77%
Available Documentation
API DocsExamplesChangelog
Compatibility51
MCP Spec Compliance53%
Transport Support50%
Features
TypeScript
Supported Transports
STDIO
Vulnerabilities(14)
2Critical
2High
3Medium
3Low
4Info
Filter:
READMEIntercom MCP (Webhook Forgery)
Intercom MCP
⚠️ WEBHOOK FORGERY VULNERABILITY ⚠️
Issue
Incoming webhooks are not verified against Intercom's signature, allowing attackers to forge webhook payloads.
Attack
Attacker sends fake webhooks to trigger:
- Unauthorized actions
- Data manipulation
- Business logic abuse
Mitigation
Implement HMAC signature verification for all incoming webhooks.
Embed Security Badge
Add this badge to your README or documentation
[](https://mcpsafe.org/registry/intercom-mcp-webhook-forgery)Need more customization options?Badge Documentation
Server Information
- Source
- NPM
- Package
- intercom-mcp
- Version
- 0.1.7
- Language
- typescript
- License
- MIT
- Transport
- STDIO
- Added
- Jan 20, 2026
- Updated
- Feb 8, 2026