Back to skill
Skillv0.2.7
VirusTotal security
Gandi - Registrar & DNS · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:20 AM
- Hash
- fd1c5230f9fbd05ad640859ff4ceb49d4dbe2fc27a51cbec28bd56f33b5380ef
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: gandi-skill Version: 0.2.7 The OpenClaw Gandi skill is classified as benign. It is transparent about its destructive capabilities, explicitly declares `disable-model-invocation: true` in `SKILL.md` to prevent autonomous agent execution, and implements robust input sanitization and validation across all scripts (e.g., `sanitizeDomain`, `sanitizeRecordName` in `gandi-api.js`). Sensitive data (API tokens, contact info) is stored locally in `~/.config/gandi/` with secure permissions (0o600). Destructive operations are guarded by explicit user confirmation prompts. All network communication is directed solely to the official Gandi API endpoints. The use of `rejectUnauthorized: false` in `check-ssl.js` is for diagnostic purposes (probing any SSL certificate, valid or not) and does not indicate malicious intent or data exfiltration. No evidence of backdoors, unauthorized data exfiltration, or prompt injection designed to bypass security controls was found.
- External report
- View on VirusTotal