ClawHub

Volcengine Network Dns

v1.0.0

DNS record management on Volcengine networking services. Use when users need zone record query/update, traffic routing changes, or DNS propagation troubleshooting.

0· 957·0 current·0 all-time
by@cinience
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, and instructions all consistently describe DNS record management for Volcengine (query/update/propagation checks). However, managing DNS via a cloud provider normally requires API credentials and explicit API/CLI invocation details; those are missing from the manifest and SKILL.md. This mismatch is notable but could be an oversight rather than malicious intent.
Instruction Scope
SKILL.md contains a focused checklist (confirm zone/record, query before change, apply change with TTL constraints, validate propagation) and safety rules (avoid blind overwrite, include rollback values). It does not instruct reading unrelated files, exfiltrating data, or contacting unknown endpoints. The instructions are appropriately scoped to DNS ops.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That lowers surface area: nothing is written to disk and no third-party packages are pulled.
!
Credentials
No required environment variables, credentials, or config paths are declared, yet the skill's stated functionality (calling Volcengine DNS APIs) would normally require API keys/secrets or a configured CLI. The absence of any declared auth mechanism is disproportionate and makes it unclear how the skill expects to operate or where credentials would come from.
Persistence & Privilege
always is false and nothing requests persistent system-level presence. The skill does not claim to modify other skills or system config. Autonomous invocation is allowed (platform default) but not by itself a red flag here.
What to consider before installing
This skill appears coherent in its DNS workflow but leaves out a critical detail: how it will authenticate to Volcengine. Before installing or using it, ask the author to: (1) specify the exact authentication method (what env vars or service account are required), (2) show example API calls or CLI commands the agent will run, and (3) confirm there are no external telemetry endpoints. If you proceed, provide a least-privilege Volcengine API key scoped only to DNS operations (not a full admin key), test in a non-production zone, ensure audit logging is enabled, and be prepared to revoke the key if behavior is unexpected. If the skill is expected to use platform-managed credentials, verify how the platform supplies those and that it doesn't request broader credentials elsewhere.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fxh0hwmb0vttf0g5cmz8w7980y1ys

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments