← Back to Scanner

gandi-skill Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

gandi-skill is an AI agent skill, created by chrisagiddings and published at openclaw/skills. ClawSecure audited gandi-skill across 48 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 28 findings concentrate in Data Exfiltration, Obfuscation and Policy Violation, including Only 24% of skill content could be analyzed. 36 of 48 files are opaque... and Pattern detected: fs.readFileSync(. 21 were rated high or critical severity.

Is gandi-skill safe?

ClawSecure audited gandi-skill and assigned a security score of 0/100 (High Risk), identifying 28 findings across Data Exfiltration and Obfuscation. Review the findings below before installing.

What did ClawSecure find in gandi-skill?

ClawSecure identified 28 findings in gandi-skill, concentrated in Data Exfiltration, Obfuscation and Policy Violation. 21 were rated high or critical severity. The most severe include Only 24% of skill content could be analyzed. 36 of 48 files are opaque... and Pattern detected: fs.readFileSync(.

How was gandi-skill audited?

ClawSecure ran gandi-skill through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 48 files from openclaw/skills.

What does a score of 0 mean?

ClawSecure assigned gandi-skill a security score of 0/100, placing it in the High Risk range. This is driven by 28 findings led by Data Exfiltration that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for gandi-skill

ClawSecure detected 28 security findings in gandi-skill, spanning Data Exfiltration, Obfuscation, Policy Violation and Command Injection.

Showing the 12 highest-severity of 28 findings. The full interactive list appears below.

3-Layer Audit Protocol

Security Recommendations for gandi-skill

Audit external network connections
gandi-skill sends data to external endpoints. Confirm each destination is expected and authorized, and remove any callback that exfiltrates data. ClawSecure monitors for known exfiltration and C2 endpoints.
Review obfuscated or hidden code
gandi-skill contains obfuscated or hidden content that resists review. Inspect encoded, minified or hidden files to confirm they are not concealing unexpected behavior before installing.
Resolve policy violations
gandi-skill trips ClawSecure policy checks. Review each flagged pattern against your security policy and remediate or document an accepted exception before production use.

Related Security Research

ClawHavoc Explained: The Malware Family Targeting AI AgentsBeyond Static Scans: Why ClawSecure Verifies Agentic Intent

Related AI Agent Security Audits

6bc837afc1a86e89Score 0/100understand-anythingScore 0/100memory-lancedb-proScore 0/10062ac696296b54aadScore 0/100gstackScore 0/100

Scanned on March 2, 2026. gandi-skill is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan