chore(orb-webhooks): integrate into README, providers.yaml, and marketplace.json

- README.md: add Orb row (alphabetically between OpenClaw and Paddle), linkified to official docs
- providers.yaml: add orb entry with HMAC-SHA256/`v1:{ts}:{body}` scheme notes, common events, summary-webhooks variant, and `orb-billing` SDK declared for both npm and pip so the version-tracker covers it
- .claude-plugin/marketplace.json: add `orb-webhooks` plugin entry (matching the per-skill pattern from PR #62) and append `./skills/orb-webhooks` to the `webhook-skills` bundle

Skill content (skills/orb-webhooks/) landed in the previous commit via the
generator.

https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB

Author: claude

.claude-plugin/marketplace.json

@@ -450,6 +450,31 @@
         "ai"
       ]
     },
+    {
+      "name": "orb-webhooks",
+      "description": "Verify Orb webhook signatures (HMAC-SHA256 over `v1:{X-Orb-Timestamp}:{raw-body}`, hex with `v1=` prefix), handle customer, subscription, invoice, and data-export events from this usage-based billing platform.",
+      "source": "./skills/orb-webhooks",
+      "strict": false,
+      "skills": [
+        "./"
+      ],
+      "category": "integration",
+      "license": "MIT",
+      "author": {
+        "name": "Hookdeck",
+        "email": "phil@hookdeck.com"
+      },
+      "repository": "https://github.com/hookdeck/webhook-skills",
+      "homepage": "https://github.com/hookdeck/webhook-skills/tree/main/skills/orb-webhooks",
+      "keywords": [
+        "webhooks",
+        "orb",
+        "billing",
+        "usage-based-billing",
+        "subscriptions",
+        "invoices"
+      ]
+    },
     {
       "name": "paddle-webhooks",
       "description": "Verify Paddle webhook signatures (HMAC-SHA256 with multi-signature rotation), handle subscription and billing events.",
@@ -896,6 +921,7 @@
         "./skills/notion-webhooks",
         "./skills/openai-webhooks",
         "./skills/openclaw-webhooks",
+        "./skills/orb-webhooks",
         "./skills/paddle-webhooks",
         "./skills/paypal-webhooks",
         "./skills/postmark-webhooks",

README.md

@@ -48,6 +48,7 @@ Skills for receiving and verifying webhooks from specific providers. Each includ
 | [Notion](https://developers.notion.com/reference/webhooks) | [`notion-webhooks`](skills/notion-webhooks/) | Verify Notion webhook signatures (HMAC-SHA256, `X-Notion-Signature`), complete handshake, handle page and comment events |
 | [OpenAI](https://platform.openai.com/docs/guides/webhooks) | [`openai-webhooks`](skills/openai-webhooks/) | Verify OpenAI webhooks for fine-tuning, batch, and realtime async events |
 | [OpenClaw](https://docs.openclaw.ai/automation/webhook) | [`openclaw-webhooks`](skills/openclaw-webhooks/) | Verify OpenClaw Gateway webhook tokens, handle agent hook and wake event payloads |
+| [Orb](https://docs.withorb.com/integrations-and-exports/webhooks) | [`orb-webhooks`](skills/orb-webhooks/) | Verify Orb webhook signatures (HMAC-SHA256 over `v1:{X-Orb-Timestamp}:{body}`), handle customer, subscription, and invoice events |
 | [Paddle](https://developer.paddle.com/webhooks/overview) | [`paddle-webhooks`](skills/paddle-webhooks/) | Verify Paddle webhook signatures, handle subscription and billing events |
 | [PayPal](https://developer.paypal.com/api/rest/webhooks/) | [`paypal-webhooks`](skills/paypal-webhooks/) | Verify PayPal webhook signatures (RSA-SHA256 with cert), handle payment, subscription, and order events |
 | [Postmark](https://postmarkapp.com/developer/webhooks/webhooks-overview) | [`postmark-webhooks`](skills/postmark-webhooks/) | Authenticate Postmark webhooks (Basic Auth/Token), handle email delivery, bounce, open, click, and spam events |

providers.yaml

@@ -378,6 +378,52 @@ providers:
         - agent hook
         - wake hook
 
+  - name: orb
+    displayName: Orb
+    docs:
+      webhooks: https://docs.withorb.com/integrations-and-exports/webhooks
+      summary_webhooks: https://docs.withorb.com/integrations-and-exports/summary-webhooks
+      api: https://docs.withorb.com/api-reference
+    notes: >
+      Usage-based billing platform (Orb / withorb.com). Uses HMAC-SHA256 in hex with
+      a `v1=` prefix in the `X-Orb-Signature` header (e.g. `X-Orb-Signature: v1=<hex>`).
+      Timestamp delivered separately in `X-Orb-Timestamp` (ISO 8601). Signed content
+      format is the literal string `v1:{X-Orb-Timestamp}:{raw-body}` — concatenate
+      version literal "v1", colon, ISO timestamp, colon, raw body bytes; HMAC-SHA256
+      with the per-endpoint signing secret (configured in Orb dashboard, one secret
+      per webhook endpoint, NOT the account API key). Always pass the raw request
+      body — don't JSON.parse and re-stringify before verifying.
+
+      No documented replay tolerance — Orb recommends comparing X-Orb-Timestamp to a
+      threshold the integrator picks. Recommend a 5-minute window in handlers plus
+      idempotency keyed on the event `id` field for at-least-once delivery safety.
+
+      Common events span customer lifecycle (`customer.created`,
+      `customer.credit_balance_dropped`, `customer.accounting_sync_succeeded`),
+      subscriptions (`subscription.created`, `subscription.started`,
+      `subscription.ended`, `subscription.plan_changed`, `subscription.edited`,
+      `subscription.usage_exceeded`), invoices (`invoice.issued`,
+      `invoice.payment_succeeded`, `invoice.payment_failed`, `invoice.edited`),
+      and data exports (`data_exports.transfer_success`).
+
+      "Summary webhooks" are an opt-in variant covering the same event types with
+      smaller payloads (line_items omitted from invoices; customer/plan minified
+      to identification fields only). Same signature scheme; consumers should fetch
+      full resources via API when detail is needed.
+
+      Official SDKs: orb-billing (npm + PyPI; same package name on both registries).
+      Neither SDK exposes a Stripe-style unwrap()/constructEvent() helper at the
+      time of writing — manual HMAC verification is the canonical path.
+    sdks:
+      npm:
+        - orb-billing
+      pip:
+        - orb-billing
+    testScenario:
+      events:
+        - invoice.payment_succeeded
+        - subscription.created
+
   - name: paddle
     displayName: Paddle
     docs: