v1.0.0

Cloudflare API

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 4:53 AM.

Analysis

The skill appears to be a real Cloudflare helper, but it can make live DNS and tunnel changes with a powerful token and some operations are not tightly scoped.

Guidance

Only install if you trust the publisher and can use a narrowly scoped Cloudflare token. Before running mutating commands, verify the exact account, zone, DNS record, tunnel, and existing tunnel configuration, and avoid sharing API or tunnel tokens in logs or chats.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Concern
scripts/dns/update.sh
RECORD_ID=$(echo "$RECORDS" | jq -r '.result[0].id // empty') ... RESPONSE=$(cf_put "/zones/$ZONE_ID/dns_records/$RECORD_ID" "$DATA")

The DNS update path selects the first record matching name/type and performs a live PUT without requiring a record ID or showing a confirmation.

User impact: If a domain has multiple similar records, the user or agent could update the wrong DNS record and disrupt routing.
Recommendation: Require explicit record IDs or content matching for updates, show the exact before/after change, and ask for confirmation before mutating DNS.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
metadata
Source: unknown; Homepage: none; Required env vars: none; Primary credential: none

For a cloud-administration skill requiring a Cloudflare token, the published metadata gives no provenance and under-declares the credential contract.

User impact: Users have less publisher/source context when deciding whether to trust code that controls Cloudflare resources.
Recommendation: Verify the publisher before installing and update metadata to declare the Cloudflare credential requirements and any helper binaries clearly.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium, Confidence: High, Status: Concern
scripts/_lib.sh
cf_get "/accounts?per_page=1" ... jq -r '.result[0].id // empty'

Tunnel scripts use this helper to pick the first available Cloudflare account instead of requiring the user to specify which account to modify.

User impact: A token with access to multiple Cloudflare accounts could create, configure, or delete tunnels in the wrong account.
Recommendation: Require an explicit account ID or clearly display and confirm the selected account before any tunnel mutation; prefer tokens scoped to one account.

Identity and Privilege Abuse
Severity: Medium, Confidence: High, Status: Note
SKILL.md
Create a token with required permissions: Zone:Read, DNS:Edit, Account:Cloudflare Tunnel:Edit ... echo "YOUR_API_TOKEN" > ~/.cloudflare_token

The Cloudflare token handling is expected for this skill, but the requested permissions can modify DNS and tunnels and the token is stored locally.

User impact: Anyone who obtains the token could make Cloudflare changes within its granted scope.
Recommendation: Use the narrowest possible Cloudflare API token, scope it to only needed zones/accounts, keep ~/.cloudflare_token chmod 600, and rotate it if exposed.