Shlink CLI
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill is coherent for installing and using a Shlink CLI, but users should notice that it uses a Shlink API key, can change short-link data, and builds software from GitHub.
Install this only if you intend to manage a Shlink instance from the CLI. Before building from GitHub, make sure you trust the repository or pin a known commit, and keep SHLINK_API_KEY private. Be especially careful with update or delete operations because they can affect live short links and redirects.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, commands could alter or delete short links or redirect behavior in the user's Shlink instance.
The skill explicitly supports Shlink operations that can change or remove live service data, including short URLs and domain redirects.
- Create, list, update, or delete short URLs - Manage tags, visits, domain redirects, or health checks
Confirm the target Shlink instance and review update/delete actions before running them, especially for public or production links.
Anyone with the API key may be able to perform actions allowed by that key against the Shlink instance.
The skill requires a Shlink API key and instance URL, which are expected for the stated purpose but grant delegated access to the user's Shlink service.
export SHLINK_BASE_URL="https://your-shlink-instance.example.com" export SHLINK_API_KEY="your-api-key-here"
Use the least-privileged Shlink API key available, avoid pasting full keys into shared chats or logs, and rotate the key if it is exposed.
Building and installing code from a remote repository can introduce whatever behavior exists in that repository or its dependencies.
The install path builds a CLI from a GitHub repository and fetches Go dependencies. This is aligned with the skill's installation purpose, but it relies on external source and dependency provenance.
git clone https://github.com/ParinLL/shlink-cli.git cd shlink-cli go mod tidy go build -o shlink-cli .
Review the repository, prefer a pinned release or commit, and avoid the optional sudo/global install unless you trust the built binary.