Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SSL

Set up HTTPS, manage TLS certificates, and debug secure connection issues.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
by Iván (@ivangdavila)
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the content: SKILL.md, formats.md, servers.md and troubleshooting.md contain expected cert management commands (certbot, openssl), server config examples (nginx, Apache, Caddy, Traefik, HAProxy), format conversions, and troubleshooting steps. There are no unrelated binaries, env vars, or credentials requested.
Instruction Scope
Instructions tell an operator to run standard system commands and to read certificate/key files (e.g., /etc/letsencrypt/live/.../privkey.pem) and modify permissions — this is appropriate for certificate management but is sensitive because it involves private keys and privileged operations. The skill does not instruct exfiltration or contact to unexpected endpoints; it references legitimate external checks (ssllabs.com, testssl.sh).
Install Mechanism
No install specification and no code files — instruction-only. That is low-risk: nothing is downloaded or written by an installer step.
Credentials
The skill requests no environment variables, credentials, or config paths beyond example file locations. The examples reference common system paths for certificates but do not require any secret to be supplied to the skill itself.
Persistence & Privilege
always:false and no instructions to modify other skills or platform settings. Autonomous invocation is allowed by platform default but the skill does not request persistent privileges or alter other skills' configs.
Assessment
This skill appears to be an honest, instruction-only TLS/HTTPS guide. Before installing or letting an agent execute it: (1) understand that following its commands may read private keys and require root — never expose private keys to untrusted actors; (2) review any certbot/openssl commands before running them on production (certbot --nginx can modify server configs); (3) run sensitive commands yourself if you don't want an agent to perform privileged operations; and (4) ensure the agent’s execution environment is trusted since the steps touch /etc/letsencrypt and other system files.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.2

SKILL.md

Triggers

Activate on: SSL certificate, HTTPS setup, Let's Encrypt, certbot, TLS configuration, certificate expired, mixed content, certificate chain error.

Core Tasks

| Task | Tool/Method |
|------|-------------|
| Get free cert | certbot, acme.sh, Caddy (auto) |
| Check cert status | openssl s_client -connect host:443 |
| View cert details | openssl x509 -in cert.pem -text -noout |
| Test config | ssllabs.com/ssltest or testssl.sh |
| Convert formats | See formats.md |

Quick Cert Commands

# Let's Encrypt with certbot (most common)
certbot certonly --nginx -d example.com -d www.example.com

# Check expiry
echo | openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -noout -dates

# Verify chain is complete (</dev/null closes stdin so the command exits after the handshake)
openssl s_client -connect example.com:443 -servername example.com </dev/null
# Look for "Verify return code: 0 (ok)"

Common Errors

| Error | Cause | Fix |
|-------|-------|-----|
| certificate has expired | Cert past valid date | Renew with certbot renew |
| unable to verify / self signed | Missing intermediate cert | Include full chain in config |
| hostname mismatch | Cert doesn't cover this domain | Get cert for correct domain or add SAN |
| mixed content | HTTP resources on HTTPS page | Change all URLs to HTTPS or use // |
| ERR_CERT_AUTHORITY_INVALID | Self-signed or untrusted CA | Use Let's Encrypt or install CA cert |

For detailed troubleshooting steps, see troubleshooting.md.

Server Config Patterns

Nginx:

server {
    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}

Apache:

SSLEngine on
SSLCertificateFile /path/to/cert.pem
SSLCertificateKeyFile /path/to/privkey.pem
SSLCertificateChainFile /path/to/chain.pem

For Node.js, Caddy, Traefik, and HAProxy, see servers.md.

Renewal

Let's Encrypt certs expire in 90 days. Always automate:

# Test renewal
certbot renew --dry-run

# Cron (certbot usually adds this)
0 0 * * * certbot renew --quiet
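
Added example, not part of the original skill: a cron-friendly check that combines the "Verify return code" test from Quick Cert Commands with the expiry check, so a renewal that fails quietly is noticed before the certificate lapses. It assumes bash and GNU date; the function names, the 21-day default threshold and the sample input are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the skill). Assumes bash and GNU date; names are hypothetical.

# Pull N out of s_client's "Verify return code: N (text)" line on stdin.
verify_code() {
    sed -n 's/^[[:space:]]*Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Seconds from NOW_EPOCH ($1) until the notAfter= date on stdin (openssl x509 -dates).
seconds_left() {
    local not_after end
    not_after=$(sed -n 's/^notAfter=//p' | head -n 1)
    [ -n "$not_after" ] || return 1
    end=$(date -u -d "$not_after" +%s) || return 1
    echo $(( end - $1 ))
}

# cert_status S_CLIENT_TEXT DATES_TEXT NOW_EPOCH [WARN_DAYS]
# Returns 0 = healthy, 1 = renewal looks overdue, 2 = clients are failing now.
cert_status() {
    local code left warn=${4:-21}
    code=$(printf '%s\n' "$1" | verify_code)
    left=$(printf '%s\n' "$2" | seconds_left "$3") || { echo "CRITICAL: no notAfter date"; return 2; }
    case "$code" in
        0) ;;
        '') echo "CRITICAL: no verify result, handshake failed"; return 2 ;;
        10) echo "CRITICAL: certificate has expired, run certbot renew"; return 2 ;;
        20|21) echo "CRITICAL: chain incomplete (code $code), serve fullchain.pem"; return 2 ;;
        18|19) echo "CRITICAL: self-signed or untrusted CA (code $code)"; return 2 ;;
        *) echo "CRITICAL: verify return code $code"; return 2 ;;
    esac
    if [ "$left" -le 0 ]; then echo "CRITICAL: certificate has expired"; return 2; fi
    if [ "$left" -lt $(( warn * 86400 )) ]; then
        echo "WARNING: $(( left / 86400 )) days left, check certbot renew"; return 1
    fi
    echo "OK: $(( left / 86400 )) days left"
}

# Constructed sample input (not captured from a real server).
SAMPLE_OK='    Verify return code: 0 (ok)'
SAMPLE_CHAIN='    Verify return code: 21 (unable to verify the first certificate)'
SAMPLE_DATES='notBefore=May  1 00:00:00 2025 GMT
notAfter=Jul 30 23:59:59 2025 GMT'
SAMPLE_NOW=$(date -u -d '2025-07-01 00:00:00' +%s)

cert_status "$SAMPLE_OK" "$SAMPLE_DATES" "$SAMPLE_NOW" || true
cert_status "$SAMPLE_CHAIN" "$SAMPLE_DATES" "$SAMPLE_NOW" || true
```

For live use, pass the captured output of the `openssl s_client` command as the first argument, the output of `openssl x509 -noout -dates` as the second, and `$(date +%s)` as the third.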

Certificate Types

| Type | Use case |
|------|----------|
| Single domain | One site (example.com) |
| Wildcard (*.domain.com) | All subdomains |
| Multi-domain (SAN) | Multiple different domains on one cert |
| Self-signed | Local dev only — browsers will warn |

What This Doesn't Cover

  • Application auth (JWT, OAuth) → see oauth skill
  • SSH keys → see linux or server skills
  • VPN/tunnel setup → see networking skills
  • Firewall configuration → see server/infrastructure skills
