ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Free DDNS

v1.0.2

RunDDNS 动态域名解析服务 - 简单、快速、免费的动态域名解析

0· 126·0 current·0 all-time
by@loverun321

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for loverun321/free-ddns.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Free DDNS" (loverun321/free-ddns) from ClawHub.
Skill page: https://clawhub.ai/loverun321/free-ddns
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install free-ddns

ClawHub CLI

Package manager switcher

npx clawhub@latest install free-ddns
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Free DDNS) match the SKILL.md instructions (API update endpoint, curl example, registering for a subdomain). However there is a small inconsistency: the service site is ddns.yinze.run while example hostnames use the domain 1798.cloud and the Windows client is served from nas.yinze.run:2018 — this multi-host setup is plausible but unexplained and worth verifying.
!
Instruction Scope
Instructions themselves are limited to registering, calling the update API (curl -u username:password), and downloading/installing a Windows client. The concerning part is the client download: a direct HTTP URL on a nonstandard port (http://nas.yinze.run:2018/...) is provided and the doc says the client "auto-runs in background" after install — that implies persistent behavior and potentially elevated OS-level effects not visible from the SKILL.md. The SKILL.md does not instruct the agent to read unrelated files or system state, but it does encourage installing an opaque binary from an untrusted host.
!
Install Mechanism
There is no formal install spec for the skill itself (instruction-only), but the runtime instructions point users to download a 48MB Windows client over plain HTTP from nas.yinze.run:2018. Downloading and executing binaries from an unverified HTTP endpoint is high risk: the transport is not encrypted and the origin is not a known trusted release host.
Credentials
The skill declares no required environment variables or credentials; the SKILL.md expects service credentials (username:password) for the DDNS API via basic auth in the curl example, which is proportionate and expected for a DDNS update workflow. No unrelated secrets or system config paths are requested.
Persistence & Privilege
The skill metadata does not request persistent agent privileges (always:false) and is user-invocable. However, the recommended Windows client is described as auto-starting and running in the background after installation — this creates persistence on the user's machine independent of the skill metadata and is a relevant security consideration for users.
What to consider before installing
This skill's written instructions match a DDNS service, but exercise caution before following the Windows client download link: the binary is served over plain HTTP from a nonstandard host/port (nas.yinze.run:2018), which allows tampering in transit and is not an established release host. Before installing, verify the publisher and prefer an HTTPS download or an official release page. If you must test it, run the client inside an isolated VM or sandbox, scan the binary with up-to-date antivirus, and inspect network/autorun behavior. For API usage, prefer using the HTTPS endpoint shown and avoid embedding credentials in scripts; store credentials securely. If anything about the domain/hosts looks unfamiliar, contact the provider for clarification or use a reputable DDNS provider instead.

Like a lobster shell, security has layers — review code before you run it.

ddnsvk9739kr2cvtpxm7wjpntzp6ne5856ch0devopsvk9739kr2cvtpxm7wjpntzp6ne5856ch0dnsvk9739kr2cvtpxm7wjpntzp6ne5856ch0freevk9739kr2cvtpxm7wjpntzp6ne5856ch0latestvk9739kr2cvtpxm7wjpntzp6ne5856ch0networkvk9739kr2cvtpxm7wjpntzp6ne5856ch0
126downloads
0stars
3versions
Updated 1w ago
v1.0.2
MIT-0
@loverun321
ddnsdevopsdnsfreelatestnetwork
Download

Free DDNS

简单、快速、免费的动态域名解析服务

服务地址

快速开始

1. 注册账号

访问 https://ddns.yinze.run/register 注册

2. 更新域名 IP(curl 命令)

curl -u "用户名:密码" "https://ddns.yinze.run/nic/update?hostname=您的域名.1798.cloud&myip=1.2.3.4"

参数说明:

  • hostname:完整域名,格式为 xxx.1798.cloud
  • myip:要绑定的 IP 地址(可选,不填则自动获取当前公网 IP)

3. Windows 客户端

适用平台

  • Windows PowerShell / CMD
  • Linux / macOS
  • 路由器
  • 任何能发送 HTTP 请求的工具

域名格式

注册后会获得一个 xxx.1798.cloud 的子域名

注意事项

  • 基于 HTTPS 加密传输
  • 支持实时更新 DNS 记录
  • 客户端安装后自动启动监控,无需手动操作

Comments

Loading comments...