v0.2.7

Gandi - Registrar & DNS

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:17 AM.

Analysis

This skill is a clearly disclosed Gandi domain/DNS management tool with powerful account-changing abilities that users should handle carefully, but the artifacts do not show hidden or purpose-mismatched behavior.

Guidance: Install only if you intend to manage Gandi domains or DNS from this environment. Start with a read-only Gandi token, grant write scopes only when needed, verify the package source, keep ~/.config/gandi private, and manually review any DNS, email-forwarding, registration, renewal, or bulk-change command before running it.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
This skill can perform DESTRUCTIVE operations on your Gandi account: ... Add, update, or delete DNS records ... Create, modify, or delete email forwards ... Register domains ... Bulk Operations: Replace all DNS records at once

The skill exposes high-impact tools that can change DNS, email routing, and registrar state, but the behavior is directly disclosed and aligned with the skill's purpose.

User impact: A mistaken command could break websites, interrupt email delivery, or trigger paid domain actions.
Recommendation: Use read-only tokens for viewing, create snapshots before changes, test on non-production domains first, and avoid --force unless you have reviewed the exact operation.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
metadata
Source: unknown; Homepage: none

The package has high-impact account-management capabilities, but the registry metadata does not provide a clear source or homepage for provenance checking.

User impact: Users have less metadata-level assurance about where this high-privilege skill came from.
Recommendation: Verify the package contents and publisher before installing, especially before granting write-capable Gandi tokens.
Human-Agent Trust Exploitation
Severity: Info | Confidence: Medium | Status: Note
CHANGELOG.md
Expected ClawHub scan result: BENIGN (high confidence)

The changelog includes a self-asserted expected scan outcome; users should rely on the actual review rather than author-provided safety expectations.

User impact: A user could place too much weight on the package's own claim about expected review status.
Recommendation: Treat self-assessments as informational only and base installation decisions on the actual artifacts, token scopes, and your risk tolerance.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Scripts check for credentials in priority order: 1. GANDI_API_TOKEN environment variable ... 2. ~/.config/gandi/api_token file

The skill requires a Gandi Personal Access Token and may use account privileges granted to that token; this is expected for the integration and is clearly documented.

User impact: Any token given to the skill can be used for the Gandi account operations allowed by its scopes.
Recommendation: Create a dedicated Gandi token with the minimum scopes needed, separate read-only and write tokens, and rotate or revoke tokens when no longer needed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SCRIPTS.md
setup-contact.js ... Prompts for contact details (name, email, address, etc.) ... Saves to ~/.config/gandi/contact.json ... Sets file permissions to 600

The skill can persist personal contact data locally for later registrar workflows; storage is disclosed and permission guidance is provided.

User impact: Local profile or contact files may contain sensitive personal information and could affect future domain-registration actions if outdated or modified.
Recommendation: Keep ~/.config/gandi files private, review saved contact/profile data before registration actions, and remove stored details you no longer need.