Cloudways Integration
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This documentation-only Cloudways guide is coherent and transparent, but it describes admin workflows that handle real credentials and database changes.
This skill itself is documentation-only and does not install code, but the Cloudways feature it describes is for trusted operators. Before using it with real sites, review the actual OpenClaw Cloudways source files, confirm secrets stay in the vault, use placeholders in shared materials, and treat database write queries as production-impacting actions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with real accounts, the integration can access Cloudways inventory, servers, WordPress admin areas, and databases.
The skill clearly documents handling Cloudways account credentials plus server, WordPress, and database secrets, which are powerful credentials but aligned with the Cloudways integration purpose.
- storing Cloudways account auth in the vault - storing server-level master SSH/SFTP credentials - storing app-level SSH, WordPress admin, and DB access secrets
Use least-privilege Cloudways and server credentials, confirm vault storage behavior in the actual implementation, and never package live secrets or configs.
A confirmed write query could change or delete WordPress production data if used incorrectly.
The documented integration can execute database write operations, but the artifacts also describe restrictions, confirmation, dry-run behavior, and audit logging.
Allowed write statements - `INSERT` - `UPDATE` - `DELETE` - `REPLACE` ... exact confirmation text: `RUN WRITE QUERY` ... write attempts are audit logged locally
Only let trusted operators run write queries, review SQL carefully, keep backups, and verify the actual gateway implementation enforces these guardrails.
Running the actual integration may launch browser automation and network SSH/DB tests against configured Cloudways resources.
The guide documents browser automation and SSH-testing helpers in the referenced integration; this is expected for DB/SSH access checks but should be understood before use.
- DB Manager automation uses Playwright Chromium - SSH testing uses Python + Paramiko
Use the automation only for intended Cloudways targets and verify dependencies and prompts in the actual implementation before running tests.
A user or agent may not have that local file, and safety/behavior details in external code or local references are not reviewed here.
The documentation references a local developer path outside this skill package, so that supporting material is not verifiable from the provided artifacts.
The OpenClaw workspace already keeps a local Cloudways API reference copy at: `/home/charl/.openclaw/workspace/skills/cloudways-wordpress-review/references/cloudways-api.md`
Rely on repository-tracked source files and official Cloudways documentation instead of personal local paths, and review the actual built-in integration code before relying on it.