cloudflare-registrar

Warn

Audited by Snyk on Jun 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes a Register action that calls the Cloudflare Registrar API (/registrations) to create domain registrations that are "billable" and "charge the account's default payment method" (non-refundable). It requires a CLOUDFLARE_API_TOKEN with Registrar write permission and provides scripts (register.sh) to perform the purchase. This is a specific, explicit financial execution capability (sending a paid transaction), not a generic tool, so it grants direct financial execution authority.

Issues (1)

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 27, 2026, 06:27 AM
Issues
1
Security Audit — snyk — cloudflare-registrar