pp-namecheap

Warn

Audited by Snyk on May 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). This skill requires installing and running remote code as a required dependency (e.g., via "npx -y @mvanhorn/printing-press install namecheap --cli-only" and "go install github.com/mvanhorn/printing-press-library/library/developer-tools/namecheap/cmd/namecheap-pp-cli@latest"), which fetches and executes external code at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill exposes explicit domain-ordering and renewal commands that are marked as "mutating paid operation" (e.g., namecheap-pp-cli domains create -> namecheap.domains.create, namecheap-pp-cli domains renew -> namecheap.domains.renew). Those commands perform purchases/paid transactions via the Namecheap API (and the CLI supports auth setup), so the skill includes specific, non-generic operations that can move money. (The docs note an agent/read-only preference, but the mutating/paid commands are present in the command surface.)

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: May 19, 2026, 07:18 PM
  • Issues: 2