Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CDN

Configure, optimize, and troubleshoot CDN deployments with caching strategies, security hardening, and multi-provider management.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 662 · 3 current installs · 3 all-time installs
by Iván @ivangdavila
Security Scan
VirusTotal
Suspicious
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description align with the files (caching, providers, security, troubleshooting). Minor inconsistency: the registry metadata lists no required binaries or env vars, yet the docs include examples using provider CLIs and env vars (e.g., $CF_TOKEN, $BUNNY_API_KEY, aws CLI). This is expected for a CDN guide, but the skill does not declare those prerequisites.
Instruction Scope
SKILL.md and associated files stay within CDN setup, optimization, and debugging. They include executable examples (curl, aws CLI, iptables, openssl) and show how to use API tokens and secret headers. The docs do not instruct wide-ranging data collection or exfiltration, but several examples assume the agent or user will run privileged commands (iptables) or use API keys — actions that have side effects and require care.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is written to disk or downloaded by the skill itself, which is the lowest-risk install profile.
Credentials
The skill declares no required credentials, which is proportional. However, example snippets reference provider tokens and CLI usage ($CF_TOKEN, $BUNNY_API_KEY, aws CLI). This is appropriate for real-world CDN tasks but means the user/agent will need to supply credentials externally if they follow those examples — the skill itself does not request or store them.
Persistence & Privilege
always is false and the skill is user-invocable. As an instruction-only skill it does not request persistent presence or modify other skills or global agent settings.
Assessment
This skill is a coherent, text-only CDN playbook — it won't install code or request secrets by itself. Before using it: (1) don't paste API keys or secret tokens into public chats; the docs include example env vars (e.g., $CF_TOKEN, $BUNNY_API_KEY) that you must keep private and provide only to trusted tooling. (2) Many examples assume CLIs (curl, aws, fastly) and privileged actions (iptables); run those commands yourself on the appropriate host rather than letting an agent execute them autonomously. (3) The skill's firewall/iptables examples and origin-protection steps can block traffic if applied incorrectly — validate commands in a safe environment. If you plan to let an agent act with your provider credentials, limit its scope (least privilege) and audit any API calls.

Like a lobster shell, security has layers — review code before you run it.

Current version v1.0.1
latest vk970xmsk7g65bjjzeb8s9mtczh81259t

SKILL.md

When to Use

User wants to set up, optimize, or debug a CDN. Covers provider selection, caching, security, and performance monitoring.

Quick Reference

Topic                        File
Provider comparison & CLIs   providers.md
Security hardening           security.md
Caching strategies           caching.md
Troubleshooting              troubleshooting.md

Core Capabilities

  1. Provider selection — Compare Cloudflare, CloudFront, Bunny, Fastly based on use case, traffic, budget
  2. Cache configuration — Set optimal cache-control headers, TTLs, cache keys
  3. Security setup — SSL/TLS, WAF rules, DDoS protection, origin shielding
  4. Performance monitoring — Cache hit ratios, TTFB, regional latency
  5. Invalidation — Purge strategies, CI/CD integration, tagged invalidation
  6. Cost optimization — Bandwidth analysis, tier recommendations, multi-CDN strategies
  7. Troubleshooting — Debug cache misses, stale content, origin overload

Cache-Control Checklist

Before deploying, verify:

  • Hashed assets (JS/CSS) → Cache-Control: public, max-age=31536000, immutable
  • HTML pages → Short TTL or no-cache with revalidation
  • Images → Long TTL with content-based URLs or versioning
  • API responses → Usually no-store unless explicitly cacheable
  • User-specific content → private or no-store

Security Checklist

  • TLS 1.2+ enforced, weak ciphers disabled
  • HSTS enabled with appropriate max-age
  • Origin IPs hidden, authenticated origin pulls configured
  • Rate limiting on sensitive endpoints (login, API)
  • Security headers: CSP, X-Frame-Options, X-Content-Type-Options

Common Mistakes

  • Caching user-specific responses (auth tokens, personalized content)
  • Using max-age without immutable for versioned assets
  • Purging entire cache instead of targeted paths
  • Ignoring Vary headers (cache poisoning risk)
  • Origin not rejecting direct access (bypassing CDN protections)
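
An added example (not part of the skill's own files) that applies the Cache-Control Checklist and the Common Mistakes list above to origin response headers. The hashed-filename pattern, the /api/ prefix and the sample responses are assumptions made for illustration.

```python
import re

# Assumptions (not from the skill): hashed assets carry an 8+ hex-digit content
# hash before .js/.css, and API routes live under /api/.
HASHED_ASSET = re.compile(r"[.-][0-9a-f]{8,}\.(?:js|css)$")
ONE_YEAR = 31536000


def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives


def audit(path, headers):
    """Return checklist violations for one origin response."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control"))
    # Without private/no-store a shared cache (the CDN) may store the response.
    shared = not (cc.keys() & {"private", "no-store"})
    findings = []
    if HASHED_ASSET.search(path):
        max_age = cc.get("max-age") or ""
        if not (max_age.isdigit() and int(max_age) >= ONE_YEAR):
            findings.append("hashed asset without one-year max-age")
        if "immutable" not in cc:
            findings.append("hashed asset without immutable")
    if path.startswith("/api/") and "no-store" not in cc:
        findings.append("API response without no-store")
    if shared and "set-cookie" in h:
        findings.append("user-specific response storable by shared cache")
    vary = {v.strip().lower() for v in h.get("vary", "").split(",")}
    if shared and "content-encoding" in h and "accept-encoding" not in vary:
        findings.append("encoded response without Vary: Accept-Encoding")
    return findings


# Constructed sample responses (path, headers), not captured traffic.
SAMPLES = [
    ("/static/app.3f9a1c7e.js", {"Cache-Control": "public, max-age=31536000, immutable"}),
    ("/static/app.3f9a1c7e.css", {"Cache-Control": "public, max-age=3600"}),
    ("/account", {"Cache-Control": "public, max-age=60", "Set-Cookie": "sid=EXAMPLE"}),
    ("/api/profile", {"Cache-Control": "private, max-age=0"}),
    ("/index.html", {"Cache-Control": "no-cache", "Content-Encoding": "gzip"}),
]

if __name__ == "__main__":
    for path, headers in SAMPLES:
        print(path, audit(path, headers) or "ok")
```

The API finding is a prompt to confirm the endpoint is explicitly meant to be cacheable, since the checklist says "usually no-store".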

Decision: Do I Need a CDN?

Ask about:

  • Geographic distribution of users
  • Current page load times and Core Web Vitals
  • Static vs dynamic content ratio
  • Traffic volume and patterns

  • If users are mostly local and traffic is low → CDN may add complexity without benefit.
  • If global users OR heavy static assets OR need DDoS protection → CDN adds value.

Files

5 total