Hetzner Cloud CLI

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent Hetzner Cloud CLI guide, but it gives access to high-impact cloud actions and API-token setup that users should control carefully.

Install only the official hcloud CLI, verify the download if possible, and use a least-privileged Hetzner API token. Before allowing the agent to run commands, check the active hcloud context and explicitly approve any action that creates costs, changes networking, stops services, or deletes infrastructure.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used without careful review, the agent could run commands that delete servers, remove volumes, change firewalls, or incur cloud charges.

Why it was flagged

The skill exposes commands that can create, stop, reboot, or delete cloud infrastructure. This is aligned with the Hetzner management purpose, but accidental use could cause outages or data loss.

Skill content

Supports server management (create/delete/start/stop) ... hcloud server delete <name-or-id>

Recommendation

Confirm the active Hetzner context and require explicit user approval before create, delete, stop, reboot, firewall, volume, or load-balancer changes.

What this means

Anyone or any agent process able to use that token may be able to modify Hetzner Cloud resources in the associated project.

Why it was flagged

The skill instructs configuration of a Hetzner API token, which is expected for hcloud but grants account/project authority depending on the token scope.

Skill content

token = "YOUR_HETZNER_API_TOKEN"

Recommendation

Use the least-privileged Hetzner token available, store it only in the intended config file, keep file permissions restricted, and rotate the token if exposed.

What this means

A user could install a different future release than expected, or be exposed to supply-chain risk if the download source or path is compromised.

Why it was flagged

The manual install instructions download the latest release archive and install a binary with sudo, without pinning a version or showing checksum verification.

Skill content

wget -q "$URL"
tar xzf hcloud-linux-*.tar.gz
sudo mv hcloud /usr/local/bin/

Recommendation

Prefer official Hetzner installation instructions, pin a known version when possible, and verify release checksums or signatures before installing with sudo.