Back to skill

Security audit

OpenClaw Cloudflare Secure

Security checks across malware telemetry and agentic risk

Overview

This skill performs powerful but disclosed Cloudflare Tunnel, DNS, and VPS setup actions that fit its stated purpose.

Install this only on the VPS and Cloudflare zone you intend to manage. Use a zone-scoped Cloudflare API token, inspect or back up existing DNS records before cutover, verify the cloudflared package source if your environment requires supply-chain controls, and complete the Cloudflare Access allowlist before relying on the public hostname.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill invokes sensitive capabilities including shell execution, network access, and environment-variable use, but does not declare permissions or boundaries for those actions. That makes privilege expectations opaque and increases the risk of agents executing DNS changes, package installs, or service management without adequate user review.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill is presented as a secure Cloudflare Access/Tunnel workflow, but the described behavior includes package installation, privileged systemd changes, and destructive Cloudflare DNS CRUD while omitting implementation of key security controls such as Access policy configuration. This mismatch can cause operators to overtrust the skill and expose services with incomplete protection or unintended infrastructure changes.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The instructions explicitly say the helper will find and delete existing A/AAAA/CNAME records for the hostname, but do not provide a strong warning about downtime, breaking unrelated services, or the need to verify the target record first. In a production DNS zone, this can disrupt availability or accidentally cut over the wrong hostname.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.