Back to skill
Skillv1.1.0
VirusTotal security
Cloudflare Manager · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:51 AM
- Hash
- e5fd23693f68441a621b3487ffb3068232a2a7e54cb30f6a936e4dcf267dc556
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cloudflare-manager Version: 1.1.0 The skill is classified as suspicious due to significant vulnerabilities, primarily in `scripts/cf_manager.py`. The `update_ingress` function directly inserts user-provided `hostname` and `service` arguments into the `/etc/cloudflared/config.yml` file without sanitization. This creates a high risk of command injection or YAML injection if the `cloudflared` binary or its YAML parser can be exploited by crafted input, potentially leading to arbitrary code execution. Additionally, the skill explicitly requires and uses `sudo` for reading/writing system configuration files (`/etc/cloudflared/config.yml`) and restarting the `cloudflared` service, which, if `sudoers` is not configured with strict least privilege as advised in `SKILL.md`, presents a privilege escalation vulnerability.
- External report
- View on VirusTotal