pp-namecheap

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the namecheap-pp-cli binary using npx from the @mvanhorn NPM scope or via go install from the github.com/mvanhorn GitHub repository. These sources are associated with the skill's author context.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of various Namecheap management commands through the namecheap-pp-cli binary using the Bash tool. These commands interact with Namecheap's XML API to retrieve or modify account and domain data.
  • [DATA_EXFILTRATION]: The CLI tool includes a --deliver webhook:<url> feature that allows output, which may contain sensitive API data, to be POSTed to an external URL. Additionally, the feedback command can be configured to automatically send local feedback entries to a remote endpoint if the NAMECHEAP_FEEDBACK_ENDPOINT environment variable is set. These are documented capabilities of the managed tool rather than hidden malicious behaviors.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 07:18 PM
Security Audit — agent-trust-hub — pp-namecheap