Certificaty
v1.0.0Generate, manage, and download SSL/TLS certificates with token-based verification and multi-domain support.
⭐ 0· 34·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the included API documentation (token generation, certificate issuance, download). The openapi.json paths correspond to the endpoints described in SKILL.md. Nothing in the files requests unrelated credentials, binaries, or system access.
Instruction Scope
SKILL.md is purely API documentation and does not instruct the agent to read local files or environment variables. However, it omits concrete authentication/security semantics: the token-generation flow is described but openapi.json does not include any securitySchemes or show how tokens are presented for subsequent calls. The /download endpoint can return certificate or private key files—confirm whether and how access is restricted before allowing the agent to call it.
Install Mechanism
Instruction-only skill with no install spec and no code files to write to disk. This is low-risk from an install/execution standpoint.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. That matches the provided documentation which relies on API calls and ephemeral tokens; there are no disproportionate credential requests in the bundle.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent agent-level privileges or attempt to modify other skills or agent config. Autonomous invocation is allowed by default but does not combine here with other elevated privileges.
Assessment
This skill appears coherent with its stated purpose, but take these precautions before installing or using it: 1) The package source and homepage are unknown—verify the provider (toolweb.in references exist in docs) and review their reputation and privacy/security policies. 2) Ask or inspect how authentication works: openapi.json lacks securitySchemes and SKILL.md doesn't explain how tokens are used to authorize certificate generation or downloads—ensure the service requires proof of ownership and enforces access control for private keys. 3) Treat downloads of private.key files as sensitive: confirm the service's retention policy and whether downloads require strong auth. 4) Test in a sandbox account or on non-production domains first. 5) If you need stronger assurance, request the upstream API host, TLS certificate, and a statement of how audit logs and key material are handled. If you cannot verify these, avoid using the skill for production/private certificates.Like a lobster shell, security has layers — review code before you run it.
latestvk9792dcgwjkr274vf39dx0mvbx842dhh
License
MIT-0
Free to use, modify, and redistribute. No attribution required.