Hetzner Cloud CLI
v1.0.0Manage Hetzner Cloud infrastructure using the hcloud CLI. Use when working with Hetzner servers, firewalls, networks, volumes, load balancers, or any Hetzner...
⭐ 0· 678·2 current·2 all-time
byJens Jung@jpj069
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description, and the SKILL.md all consistently describe using the official hcloud CLI to manage Hetzner resources (servers, firewalls, volumes, networks, load balancers). The commands and examples shown are coherent with that purpose.
Instruction Scope
The runtime instructions include a full install snippet that downloads a GitHub release archive, extracts a binary, and moves it to /usr/local/bin (uses sudo). They also instruct creating ~/.config/hcloud/cli.toml containing the Hetzner API token and reference ~/.ssh/id_ed25519.pub for SSH-key upload. These are typical for installing/using the hcloud CLI, but they require elevated privileges (sudo) and writing a credential file in the user's home directory — both are operationally sensitive and should be executed only after verification.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md shows downloading from GitHub releases (github.com/hetznercloud/cli/releases/latest/download/...). Using the project's official GitHub releases is reasonable; however the script installs a binary into a system path with sudo and uses the 'latest' redirect which can change over time. No obscure URLs or shorteners are used.
Credentials
The skill metadata declares no required environment variables or primary credential, yet the instructions require a Hetzner API token to be placed in ~/.config/hcloud/cli.toml. That token is necessary and appropriate for the skill's function, but its omission from the declared requirements is an inconsistency that can mislead users about secrets the skill needs. The other referenced files (public SSH key) are relevant and proportionate.
Persistence & Privilege
The skill is not marked 'always' and is user-invocable only. It does not request persistent platform privileges. However, the provided install instructions require sudo to write a binary into /usr/local/bin which is a privileged action — normal for CLI installs but worth highlighting as a risk if you blindly run the commands.
What to consider before installing
This skill appears to be a straightforward guide for the official Hetzner hcloud CLI, but note two issues before installing: (1) the SKILL.md expects you to provide a Hetzner API token (it tells you to put it in ~/.config/hcloud/cli.toml) even though the registry metadata lists no required credential — treat that as a required secret. (2) The install steps download a binary from the project's GitHub releases and move it into /usr/local/bin using sudo — only run those commands if you trust the source and understand you are giving the installer elevated privileges. Recommendations: verify the download URL and upstream project, prefer your OS package manager or vendor-signed release when available, create and use a least-privilege Hetzner token, set tight permissions on the config file, avoid pasting tokens into untrusted prompts, and review any commands that delete or modify cloud resources (they can irreversibly destroy servers/volumes). If the registry metadata could be updated to declare the Hetzner API token as a required credential, that would remove the primary inconsistency and increase confidence.Like a lobster shell, security has layers — review code before you run it.
latestvk973xtcagsgsgkegqzqm3m0gc581fk3t
License
MIT-0
Free to use, modify, and redistribute. No attribution required.