pp-godaddy

Warn

Audited by Snyk on Jun 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). This skill's prerequisite steps instruct fetching and executing remote code during install (via "npx -y @mvanhorn/printing-press-library install godaddy --cli-only" and "go install github.com/mvanhorn/printing-press-library/library/developer-tools/godaddy/cmd/godaddy-pp-cli@latest"), so the GitHub repo reference (github.com/mvanhorn/printing-press-library/...) and the npm package (@mvanhorn/printing-press-library) are runtime external dependencies that will fetch and execute remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill exposes explicit GoDaddy commerce APIs via the CLI that perform live account-changing, money-moving actions. Examples include "domains purchase" (purchase and register a domain), "auctions-aftermarket" which "places multiple bids", order and subscription management (orders, subscriptions cancel/update), and other write-capable endpoints. The docs also reference a GODADDY_ALLOW_WRITES flag required for live account-changing requests and a --dry-run preview, confirming these commands can execute financial operations. These are specific, non-generic financial actions, so this skill grants direct financial execution authority.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 23, 2026, 10:40 PM
Issues: 2