caddy-subdomain-add

[Skill Scanner] Credential file access detected This skill’s stated purpose, required permissions, and operations are internally consistent: it legitimately needs to read/write domains.toml, run validation and apply scripts, and use Cloudflare API tokens to sync Access. I did not find direct evidence of obfuscation, hardcoded secrets, or explicit malicious commands (no remote download-and-execute or credential forwarding in the provided fragment). However, the skill performs high-privilege operations (editing DNS/proxy configuration, reloading services, and using API tokens), so it represents a moderate operational risk if used by an untrusted agent or if the referenced scripts are compromised. Review and vet the referenced management scripts (manage-domains.sh, sync-cloudflare-access.py, generate-pihole-dns.py) before granting this skill access to production credentials and systems. LLM verification: The skill text itself does not contain explicit malicious code. It performs high-impact administrative actions (editing domains.toml, running management scripts, updating DNS/TLS, interacting with Cloudflare) which are appropriate for its purpose but carry significant risk if helper scripts or environment secrets (.env, Docker credentials) are untrusted or mishandled. Recommended actions before trusting automation: audit manage-domains.sh and all referenced scripts for intended behavior, verify