pp-cf-domain
Fail
Audited by Snyk on May 27, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill includes an explicit example that instructs storing a bearer token by embedding it verbatim in a CLI command (
cf-domain-pp-cli auth set-token YOUR_TOKEN_HERE), which requires the LLM/agent to handle and potentially output secret values directly.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill exposes a concrete "registrar domain-register" command that registers a domain "through Cloudflare Registrar using account default registrant/payment settings." That is an explicit action that initiates a purchase/payment using stored payment credentials (and requires auth setup/token). This is a specific, non-generic capability to move money (execute a paid domain registration), so it constitutes direct financial execution authority.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata