Trust Assessment
gandi received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 20 findings: 0 critical, 10 high, 9 medium, and 1 low severity. Key findings include Unsafe deserialization / dynamic eval, Hidden network beacons / undisclosed telemetry, Node lockfile missing.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings20
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/chrisagiddings/gandi/scripts/add-dns-record.js:97 | |
| HIGH | Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/chrisagiddings/gandi/scripts/dnssec-disable.js:178 | |
| HIGH | Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/chrisagiddings/gandi/scripts/dnssec-status.js:169 | |
| HIGH | Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/chrisagiddings/gandi/scripts/dnssec-status.js:170 | |
| HIGH | Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/chrisagiddings/gandi/scripts/update-dns-record.js:120 | |
| HIGH | Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/chrisagiddings/gandi/scripts/update-dns-record.js:121 | |
| HIGH | Unsanitized domain argument leads to API endpoint path traversal The `domain` argument from `process.argv` is used directly to construct an API endpoint path in `gandi-api.js` without prior sanitization. An attacker could inject path traversal sequences (e.g., `../`) into the domain name, potentially manipulating the API endpoint to target unintended resources or bypass access controls. For example, `node create-snapshot.js example.com/../malicious` could attempt to create a snapshot under a 'malicious' path. Sanitize the `domain` argument using `sanitizeDomain()` from `gandi-api.js` immediately after parsing it from `process.argv`. Add `domain = sanitizeDomain(domain);` after line 10. | LLM | scripts/create-snapshot.js:10 | |
| HIGH | Unsanitized domain argument leads to API endpoint path traversal The `domain` argument from `process.argv` is used directly to construct an API endpoint path in `gandi-api.js` without prior sanitization. An attacker could inject path traversal sequences (e.g., `../`) into the domain name, potentially manipulating the API endpoint to target unintended resources or bypass access controls. For example, `node restore-snapshot.js example.com/../malicious <snapshot-id>` could attempt to restore a snapshot under a 'malicious' path. Sanitize the `domain` argument using `sanitizeDomain()` from `gandi-api.js` immediately after parsing it from `process.argv`. Add `domain = sanitizeDomain(domain);` after line 10. | LLM | scripts/restore-snapshot.js:10 | |
| HIGH | Unsanitized file path leads to arbitrary file read (Data Exfiltration) The `recordsFile` argument from `process.argv` is used directly in `fs.readFileSync` without sanitization. An attacker could provide a path traversal sequence (e.g., `../../../../etc/passwd`) to read arbitrary files from the system where the skill is executed, leading to data exfiltration. Before calling `fs.readFileSync`, sanitize the `recordsFile` argument. Resolve the path and ensure it is within an expected, safe directory (e.g., `process.cwd()` or a dedicated config directory) to prevent arbitrary file access. For example, use `path.resolve()` and validate the resulting path against a trusted base directory. | LLM | scripts/update-dns-bulk.js:30 | |
| HIGH | Unsanitized file path leads to arbitrary file read (Data Exfiltration) The `contactFile` argument from `process.argv` is used directly in `fs.readFileSync` without sanitization. An attacker could provide a path traversal sequence (e.g., `../../../../etc/passwd`) to read arbitrary files from the system where the skill is executed, leading to data exfiltration. Before calling `fs.readFileSync`, sanitize the `contactFile` argument. Resolve the path and ensure it is within an expected, safe directory (e.g., `process.cwd()` or the `~/.config/gandi` directory) to prevent arbitrary file access. For example, use `path.resolve()` and validate the resulting path against a trusted base directory. | LLM | scripts/register-domain.js:100 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi/scripts/delete-contact.js:19 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi/scripts/delete-dns-record.js:15 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi/scripts/dnssec-disable.js:38 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi/scripts/dnssec-enable.js:44 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi/scripts/dnssec-enable.js:80 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi/scripts/dnssec-status.js:62 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi/scripts/gandi-api.js:989 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi/scripts/gandi-api.js:1008 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi/scripts/request-certificate.js:63 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/chrisagiddings/gandi/scripts/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/a3a33d060cd66ae9)
Powered by SkillShield