CDN
Pass
Audited by ClawScan on May 1, 2026.
Overview
This is a documentation-only CDN guidance skill, with legitimate but high-impact CDN and firewall command examples that users should review before running.
This skill appears safe as documentation. Before using its command examples, confirm the exact CDN zone, distribution, URL paths, and credential scopes, especially for full cache purges or firewall changes on production systems.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user or agent runs broad purge commands without confirming scope, visitors may experience slower performance and the origin server may see a traffic spike.
The skill documents CDN cache purge commands, including full purge operations. This is expected for CDN management, but running such commands can affect production traffic and origin load.
curl -X POST "https://api.cloudflare.com/client/v4/zones/{zone_id}/purge_cache" ... -d '{"purge_everything":true}'
Use targeted purges where possible, confirm the target zone or distribution, and require explicit user approval before broad production changes.
Using overly broad provider tokens could allow unintended CDN configuration or purge actions if commands are copied or automated carelessly.
The examples use CDN provider credentials for API calls. This is purpose-aligned and not hidden, but the tokens can authorize account-level cache or CDN changes.
-H "Authorization: Bearer $CF_TOKEN" ... -H "AccessKey: $BUNNY_API_KEY"
Use least-privilege tokens scoped to the specific CDN zone or pull zone, and avoid exposing credentials in logs or shared terminals.
A full cache purge during normal traffic could overload the origin or degrade site performance.
The artifact itself warns that a full cache purge can cascade into origin load. The warning is appropriate and purpose-aligned.
Full Purge (Last Resort)
- Clears entire cache
- Causes origin traffic spike
- Only use for emergencies
Prefer versioned URLs, surrogate-key purges, or path-specific invalidations; reserve full purges for emergencies with monitoring in place.
