gandi-skill Security Audit Report
gandi-skill is an AI agent skill, created by chrisagiddings and published at openclaw/skills. ClawSecure audited gandi-skill across 48 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 28 findings concentrate in Data Exfiltration, Obfuscation and Policy Violation, including Only 24% of skill content could be analyzed. 36 of 48 files are opaque... and Pattern detected: fs.readFileSync(. 21 were rated high or critical severity.
Is gandi-skill safe?
ClawSecure audited gandi-skill and assigned a security score of 0/100 (High Risk), identifying 28 findings across Data Exfiltration and Obfuscation. Review the findings below before installing.
What did ClawSecure find in gandi-skill?
ClawSecure identified 28 findings in gandi-skill, concentrated in Data Exfiltration, Obfuscation and Policy Violation. 21 were rated high or critical severity. The most severe include Only 24% of skill content could be analyzed. 36 of 48 files are opaque... and Pattern detected: fs.readFileSync(.
How was gandi-skill audited?
ClawSecure ran gandi-skill through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 48 files from openclaw/skills.
What does a score of 0 mean?
ClawSecure assigned gandi-skill a security score of 0/100, placing it in the High Risk range. This is driven by 28 findings led by Data Exfiltration that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).
Audit Findings for gandi-skill
ClawSecure detected 28 security findings in gandi-skill, spanning Data Exfiltration, Obfuscation, Policy Violation and Command Injection.
- high · Only 24% of skill content could be analyzed. 36 of 48 files are opaque.... Policy Violation finding.
- high · Pattern detected: fs.readFileSync(. Data Exfiltration finding detected in
scripts/config-helper.js:33. - high · Pattern detected: fs.readFileSync(. Data Exfiltration finding detected in
scripts/config-helper.js:132. - high · Pattern detected: fs.readFileSync(. Data Exfiltration finding detected in
scripts/config-helper.js:149. - high · Pattern detected: fs.readFileSync(. Data Exfiltration finding detected in
scripts/config-helper.js:185. - high · Pattern detected: fs.readFileSync(. Data Exfiltration finding detected in
scripts/config-helper.js:211. - high · Pattern detected: fs.readFileSync(. Data Exfiltration finding detected in
scripts/delete-contact.js:50. - high · Pattern detected: fs.readFileSync(. Data Exfiltration finding detected in
scripts/gandi-api.js:48. - high · Pattern detected: fs.readFileSync(. Data Exfiltration finding detected in
scripts/gandi-api.js:69. - high · Pattern detected: fs.readFileSync(. Data Exfiltration finding detected in
scripts/gandi-api.js:89. - high · Pattern detected: fs.readFileSync(. Data Exfiltration finding detected in
scripts/gandi-api.js:175. - high · Pattern detected: fs.readFileSync(. Data Exfiltration finding detected in
scripts/profile-manager.js:43.
Showing the 12 highest-severity of 28 findings. The full interactive list appears below.
3-Layer Audit Protocol
Security Recommendations for gandi-skill
Audit external network connections
Review obfuscated or hidden code
Resolve policy violations
Related Security Research
ClawHavoc Explained: The Malware Family Targeting AI Agents→Beyond Static Scans: Why ClawSecure Verifies Agentic Intent→Related AI Agent Security Audits
Scanned on March 2, 2026. gandi-skill is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.