gandi-skill

· v0.2.7

High Risk

"Comprehensive Gandi domain registrar integration for domain and DNS management. Register and manage domains, create/update/delete DNS records (A, AAAA, CNAME, MX, TXT, SRV, and more), configure email forwarding and aliases, check SSL certificate status, create DNS snapshots for safe rollback, bulk update zone files, and monitor domain expiration. Supports multi-domain management, zone file import/export, and automated DNS backups. Includes both read-only and destructive operations with safety controls."

H:4 D:4 A:1 C:1

⚠️ Hazard Flags

PRIVILEGED PERSISTENCE FS_READ_WORKSPACE FS_READ_USER FS_WRITE_WORKSPACE FS_WRITE_USER FS_DELETE NET_EGRESS_ANY CREDS_ENV CREDS_FILES PI_WEB PI_DOCUMENTS

📋 Capabilities

Execution

❌ Shell execution
❌ Code execution
❌ Install dependencies
✅ Persistence
Privilege: admin

Filesystem

✅ Read workspace
✅ Write workspace
✅ Read home
✅ Write home
❌ Read system
✅ Delete

Network

Egress: any
❌ Ingress

Credentials

✅ Environment vars
✅ Credential files
❌ Browser data
❌ Keychain

Actions

❌ send messages❌ post public❌ purchase❌ transfer money❌ deploy❌ delete external

🔒 Containment

Level: maximum

Recommended:

LOG_ACTIONS: Audit trail for all actions

⚡ Risks

Prompt injection patterns detected in: SKILL.md high

Mitigation: Review SKILL.md for hidden instructions. Do not use with untrusted input.

Unauthorized tool use: TOOL_ABUSE_SYSTEM_MODIFICATION critical

Mitigation: Remove system modification commands

Command injection risk: TIRITH_INSECURE_TLS, TIRITH_DOTFILE_OVERWRITE high

Social engineering indicators: SOCIAL_ENG_VAGUE_DESCRIPTION low

Mitigation: Provide clear, detailed description of skill functionality

Tool poisoning: hidden behaviors detected (MCP_TOOL_POISONING_SENSITIVE_DATA) high

Mitigation: Remove references to sensitive data collection.

Data exfiltration patterns: INSTRUCTED_SENSITIVE_SERVICE_ACCESS high

Mitigation: Clearly document which sensitive services are accessed and why; use minimal required permissions

Want a deeper analysis?

This report was generated by static analysis. Get an LLM-powered deep review with behavioral reasoning and attack surface mapping.

🧠 Deep Analysis — $5.00

🚨 Incident Response

Kill switch: Stop the agent process

Containment: Review logs for unexpected actions

Recovery: Depends on skill capabilities

📄 Raw SSDS JSON click to expand

{
  "meta": {
    "document_id": "ssds:auto:gandi:0.1.0",
    "ssds_version": "0.2.0",
    "scanner_version": "0.4.0+fe6fd9123d50",
    "created_at": "2026-03-05T01:55:29.617Z",
    "created_by": {
      "agent": "safeagentskills-cli/generate-ssds"
    },
    "language": "en",
    "notes": "Auto-generated SSDS. Manual review recommended."
  },
  "skill": {
    "name": "gandi-skill",
    "version": "0.2.7",
    "format": "agent_skill",
    "description": "\"Comprehensive Gandi domain registrar integration for domain and DNS management. Register and manage domains, create/update/delete DNS records (A, AAAA, CNAME, MX, TXT, SRV, and more), configure email forwarding and aliases, check SSL certificate status, create DNS snapshots for safe rollback, bulk update zone files, and monitor domain expiration. Supports multi-domain management, zone file import/export, and automated DNS backups. Includes both read-only and destructive operations with safety controls.\"",
    "publisher": "ClawHub",
    "source": {
      "channel": "local"
    },
    "artifact": {
      "sha256": "70c5da727d745fd6c7d20a9759596738f0eec8349e39d51de7d35659db796fa5",
      "hash_method": "files_sorted"
    }
  },
  "capabilities": {
    "execution": {
      "can_exec_shell": false,
      "can_exec_code": false,
      "privilege_level": "admin",
      "can_install_deps": false,
      "can_persist": true
    },
    "filesystem": {
      "reads_workspace": true,
      "reads_user_home": true,
      "reads_system": false,
      "writes_workspace": true,
      "writes_user_home": true,
      "writes_system": false,
      "can_delete": true
    },
    "network": {
      "egress": "any",
      "ingress": false
    },
    "credentials": {
      "reads_env_vars": true,
      "reads_credential_files": true,
      "reads_browser_data": false,
      "reads_keychain": false
    },
    "services": [],
    "actions": {
      "can_send_messages": false,
      "can_post_public": false,
      "can_purchase": false,
      "can_transfer_money": false,
      "can_deploy": false,
      "can_delete_external": false
    },
    "prompt_injection_surfaces": [
      "web",
      "documents"
    ],
    "content_types": [
      "general"
    ]
  },
  "hazards": {
    "hdac": {
      "H": 4,
      "D": 4,
      "A": 1,
      "C": 1
    },
    "flags": [
      "PRIVILEGED",
      "PERSISTENCE",
      "FS_READ_WORKSPACE",
      "FS_READ_USER",
      "FS_WRITE_WORKSPACE",
      "FS_WRITE_USER",
      "FS_DELETE",
      "NET_EGRESS_ANY",
      "CREDS_ENV",
      "CREDS_FILES",
      "PI_WEB",
      "PI_DOCUMENTS"
    ],
    "custom_flags": [
      {
        "code": "PROMPT_INJECTION",
        "name": "Prompt Injection Risk",
        "description": "Contains prompt injection patterns in: SKILL.md"
      },
      {
        "code": "PERSISTENCE",
        "name": "Persistence Mechanism",
        "description": "Creates scheduled tasks or startup entries in: SKILL.md"
      },
      {
        "code": "PRIVILEGE_ESCALATION",
        "name": "Privilege Escalation",
        "description": "Uses elevated privileges (sudo/root) in: SKILL.md"
      },
      {
        "code": "FILE_DELETE",
        "name": "File Deletion",
        "description": "Can delete files in: scripts/delete-contact.js, scripts/profile-manager.js, scripts/register-domain.js"
      },
      {
        "code": "TOOL_ABUSE",
        "name": "Unauthorized Tool Use",
        "description": "TOOL_ABUSE_SYSTEM_MODIFICATION: Modifying system permissions or configuration"
      },
      {
        "code": "SOCIAL_ENGINEERING",
        "name": "Social Engineering Risk",
        "description": "SOCIAL_ENG_VAGUE_DESCRIPTION: Skill description is too vague or missing"
      },
      {
        "code": "COMMAND_INJECTION",
        "name": "Command Injection Risk",
        "description": "TIRITH_INSECURE_TLS, TIRITH_DOTFILE_OVERWRITE: Disabled TLS verification allows man-in-the-middle attacks"
      },
      {
        "code": "TOOL_POISONING",
        "name": "Tool Poisoning",
        "description": "Hidden secondary behavior detected: MCP_TOOL_POISONING_SENSITIVE_DATA"
      },
      {
        "code": "DATA_EXFILTRATION",
        "name": "Data Exfiltration Risk",
        "description": "INSTRUCTED_SENSITIVE_SERVICE_ACCESS: Instructs agent to access sensitive services (email, calendar, contacts, drive)"
      }
    ],
    "confidence": {
      "level": "medium",
      "basis": [
        "static_analysis"
      ],
      "notes": "Detected 9 security patterns (9 vendored rule hits). Review recommended."
    },
    "rationale": {
      "H": "H4: Critical: Privilege escalation or malware detected",
      "D": "D4: Critical: Credential theft or data exfiltration",
      "A": "A1: Local side effects only",
      "C": "C1: General content"
    }
  },
  "containment": {
    "level": "maximum",
    "required": [],
    "recommended": [
      {
        "control": "LOG_ACTIONS",
        "reason": "Audit trail for all actions"
      }
    ],
    "uncontained_risk": "Risk level depends on manual review of actual capabilities."
  },
  "risks": {
    "risks": [
      {
        "risk": "Prompt injection patterns detected in: SKILL.md",
        "severity": "high",
        "mitigation": "Review SKILL.md for hidden instructions. Do not use with untrusted input."
      },
      {
        "risk": "Unauthorized tool use: TOOL_ABUSE_SYSTEM_MODIFICATION",
        "severity": "critical",
        "mitigation": "Remove system modification commands"
      },
      {
        "risk": "Command injection risk: TIRITH_INSECURE_TLS, TIRITH_DOTFILE_OVERWRITE",
        "severity": "high"
      },
      {
        "risk": "Social engineering indicators: SOCIAL_ENG_VAGUE_DESCRIPTION",
        "severity": "low",
        "mitigation": "Provide clear, detailed description of skill functionality"
      },
      {
        "risk": "Tool poisoning: hidden behaviors detected (MCP_TOOL_POISONING_SENSITIVE_DATA)",
        "severity": "high",
        "mitigation": "Remove references to sensitive data collection."
      },
      {
        "risk": "Data exfiltration patterns: INSTRUCTED_SENSITIVE_SERVICE_ACCESS",
        "severity": "high",
        "mitigation": "Clearly document which sensitive services are accessed and why; use minimal required permissions"
      }
    ],
    "limitations": [
      "Static analysis only - runtime behavior not verified"
    ]
  },
  "incident_response": {
    "kill_switch": [
      "Stop the agent process"
    ],
    "containment": [
      "Review logs for unexpected actions"
    ],
    "recovery": [
      "Depends on skill capabilities"
    ]
  },
  "evidence": [
    {
      "evidence_id": "EV:file-1",
      "type": "file_excerpt",
      "title": "_meta.json",
      "file_path": "_meta.json"
    },
    {
      "evidence_id": "EV:file-2",
      "type": "file_excerpt",
      "title": "scripts/add-dns-record.js",
      "file_path": "scripts/add-dns-record.js"
    },
    {
      "evidence_id": "EV:file-3",
      "type": "file_excerpt",
      "title": "scripts/add-email-forward.js",
      "file_path": "scripts/add-email-forward.js"
    },
    {
      "evidence_id": "EV:file-4",
      "type": "file_excerpt",
      "title": "scripts/cert-details.js",
      "file_path": "scripts/cert-details.js"
    },
    {
      "evidence_id": "EV:file-5",
      "type": "file_excerpt",
      "title": "scripts/check-domain.js",
      "file_path": "scripts/check-domain.js"
    },
    {
      "evidence_id": "EV:file-6",
      "type": "file_excerpt",
      "title": "scripts/check-ssl.js",
      "file_path": "scripts/check-ssl.js"
    },
    {
      "evidence_id": "EV:file-7",
      "type": "file_excerpt",
      "title": "scripts/config-helper.js",
      "file_path": "scripts/config-helper.js"
    },
    {
      "evidence_id": "EV:file-8",
      "type": "file_excerpt",
      "title": "scripts/config-status.js",
      "file_path": "scripts/config-status.js"
    },
    {
      "evidence_id": "EV:file-9",
      "type": "file_excerpt",
      "title": "scripts/configure-autorenew.js",
      "file_path": "scripts/configure-autorenew.js"
    },
    {
      "evidence_id": "EV:file-10",
      "type": "file_excerpt",
      "title": "scripts/create-snapshot.js",
      "file_path": "scripts/create-snapshot.js"
    },
    {
      "evidence_id": "EV:cisco-1",
      "type": "file_excerpt",
      "title": "TIRITH_INSECURE_TLS [HIGH] scripts/check-ssl.js:21: rejectUnauthorized: false, // Don't fail on self-signed/expired",
      "file_path": "scripts/check-ssl.js"
    },
    {
      "evidence_id": "EV:cisco-2",
      "type": "file_excerpt",
      "title": "TOOL_ABUSE_SYSTEM_MODIFICATION [CRITICAL] scripts/config-status.js:169: console.log('   chmod 600 ~/.config/gandi/api_token');",
      "file_path": "scripts/config-status.js"
    },
    {
      "evidence_id": "EV:cisco-3",
      "type": "file_excerpt",
      "title": "TIRITH_DOTFILE_OVERWRITE [HIGH] scripts/config-status.js:168: console.log('   echo \"YOUR_TOKEN\" > ~/.config/gandi/api_token');",
      "file_path": "scripts/config-status.js"
    },
    {
      "evidence_id": "EV:cisco-4",
      "type": "file_excerpt",
      "title": "TOOL_ABUSE_SYSTEM_MODIFICATION [CRITICAL] scripts/gandi-api.js:44: `  echo \"YOUR_PAT\" > ${TOKEN_FILE} && chmod 600 ${TOKEN_FILE}`",
      "file_path": "scripts/gandi-api.js"
    },
    {
      "evidence_id": "EV:cisco-5",
      "type": "file_excerpt",
      "title": "TOOL_ABUSE_SYSTEM_MODIFICATION [CRITICAL] SKILL.md:142: chmod 600 ~/.config/gandi/api_token",
      "file_path": "SKILL.md"
    },
    {
      "evidence_id": "EV:cisco-6",
      "type": "file_excerpt",
      "title": "INSTRUCTED_SENSITIVE_SERVICE_ACCESS [HIGH] SKILL.md:672: node add-email-forward.js example.com contact [email protected]",
      "file_path": "SKILL.md"
    },
    {
      "evidence_id": "EV:cisco-7",
      "type": "file_excerpt",
      "title": "SOCIAL_ENG_VAGUE_DESCRIPTION [LOW] SKILL.md:1: ---",
      "file_path": "SKILL.md"
    },
    {
      "evidence_id": "EV:cisco-8",
      "type": "file_excerpt",
      "title": "MCP_TOOL_POISONING_SENSITIVE_DATA [HIGH] SKILL.md:108: ### Step 2: Store Token",
      "file_path": "SKILL.md"
    },
    {
      "evidence_id": "EV:cisco-9",
      "type": "file_excerpt",
      "title": "TIRITH_DOTFILE_OVERWRITE [HIGH] SKILL.md:123: echo 'export GANDI_API_TOKEN=\"YOUR_PERSONAL_ACCESS_TOKEN\"' >> ~/.bashrc",
      "file_path": "SKILL.md"
    }
  ]
}