slack-go `SecretsVerifier` accepts empty signing secret without precondition
func NewSecretsVerifier(header http.Header, secret string) (SecretsVerifier, error) { hash := hmac.New(sha256.New, []byte(secret)) // raw secret, no precondition }
Advisories for Golang/Github.com/Slack-Go/Slack package
2026