Trust Assessment
gandi received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 21 findings: 0 critical, 8 high, 11 medium, and 2 low severity. Key findings include Unsafe deserialization / dynamic eval, Hidden network beacons / undisclosed telemetry, Node lockfile missing.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings21
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/chrisagiddings/gandi-skill/scripts/add-dns-record.js:120 | |
| HIGH | Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/chrisagiddings/gandi-skill/scripts/add-dns-record.js:121 | |
| HIGH | Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/chrisagiddings/gandi-skill/scripts/dnssec-disable.js:178 | |
| HIGH | Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/chrisagiddings/gandi-skill/scripts/dnssec-status.js:169 | |
| HIGH | Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/chrisagiddings/gandi-skill/scripts/dnssec-status.js:170 | |
| HIGH | Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/chrisagiddings/gandi-skill/scripts/update-dns-record.js:120 | |
| HIGH | Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/chrisagiddings/gandi-skill/scripts/update-dns-record.js:121 | |
| HIGH | Arbitrary file read via `update-dns-bulk.js` script The `scripts/update-dns-bulk.js` script takes a file path as a command-line argument (`process.argv[3]`) and directly reads its content using `fs.readFileSync(filePath, 'utf8')`. An attacker could provide a path to any sensitive file on the system (e.g., `~/.config/gandi/api_token`, `/etc/passwd`, `/proc/self/environ`) to read its content. Although the script attempts to parse the file as JSON, which would likely fail for non-JSON files, the content would still be read into memory and could potentially be exposed in error messages, logs, or through other side channels, leading to data exfiltration of sensitive local files. Implement stricter validation for the `filePath` argument. Instead of directly using `filePath` from `process.argv`, consider: 1. Restricting `filePath` to a specific, non-sensitive directory. 2. Validating that `filePath` does not contain directory traversal sequences (e.g., `../`). 3. If the file must be user-provided, ensure it's uploaded to a secure, isolated location and its content is validated before parsing. 4. For a CLI tool, explicitly state the security implications and advise users to only provide paths to trusted JSON files. | LLM | scripts/update-dns-bulk.js:43 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi-skill/scripts/delete-contact.js:19 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi-skill/scripts/delete-dns-record.js:41 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi-skill/scripts/delete-dns-record.js:53 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi-skill/scripts/delete-email-forward.js:36 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi-skill/scripts/dnssec-disable.js:38 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi-skill/scripts/dnssec-enable.js:44 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi-skill/scripts/dnssec-enable.js:80 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi-skill/scripts/dnssec-status.js:62 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi-skill/scripts/gandi-api.js:989 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi-skill/scripts/gandi-api.js:1008 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/chrisagiddings/gandi-skill/scripts/request-certificate.js:63 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/chrisagiddings/gandi-skill/scripts/package.json | |
| LOW | Dependency discrepancy in documentation vs. package.json The `SKILL.md` documentation states that `axios` is an 'expected package' for the skill, implying it's a dependency. However, the `scripts/package.json` file explicitly lists an empty `dependencies` object. While the `gandi-api.js` file appears to use Node.js's built-in `https` module for API calls, this discrepancy can lead to confusion for users, potential installation of unmanaged global dependencies, or issues if `axios` is implicitly relied upon elsewhere in the skill's ecosystem without being declared. Update `SKILL.md` to accurately reflect the skill's dependencies. If `axios` is not used, remove its mention from the documentation. If it is used, add it as a dependency in `scripts/package.json` with a pinned version. | LLM | SKILL.md:170 |
Scan History
Embed Code
[](https://skillshield.io/report/8e3017fe2f02459c)
Powered by SkillShield