pp-cf-domain

Fail

Audited by Snyk on May 27, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill includes an explicit example that instructs storing a bearer token by embedding it verbatim in a CLI command (cf-domain-pp-cli auth set-token YOUR_TOKEN_HERE), which requires the LLM/agent to handle and potentially output secret values directly.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill exposes a concrete "registrar domain-register" command that registers a domain "through Cloudflare Registrar using account default registrant/payment settings." That is an explicit action that initiates a purchase/payment using stored payment credentials (and requires auth setup/token). This is a specific, non-generic capability to move money (execute a paid domain registration), so it constitutes direct financial execution authority.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
HIGH
Analyzed
May 27, 2026, 03:51 PM
Issues
2
Security Audit — snyk — pp-cf-domain