ClawHub

Cloudflare Dns

Manage Cloudflare DNS records via API. Use when user asks to list, create, update, or delete DNS records, set up DDNS, manage domains on Cloudflare, or check DNS propagation. Supports A, AAAA, CNAME, TXT, MX, and other record types.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 813 · 2 current installs · 2 all-time installs
by@pushp1997
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description match the script's behavior: listing, creating, updating, deleting DNS records and DDNS via Cloudflare API. However, the registry metadata lists no required environment variables or primary credential while the script requires CF_API_TOKEN (and optionally CF_ZONE_ID). The primary credential should be declared.
!
Instruction Scope
SKILL.md and the script instruct the agent to call Cloudflare API and public IP services (api.ipify.org, ifconfig.me) which is expected. But the script calls external binaries (curl and jq) that are not declared as required in metadata; the script also reads CF_API_TOKEN from the environment though the skill metadata does not declare it. Instructions do not read unrelated files or exfiltrate to unexpected endpoints.
Install Mechanism
No install spec (instruction-only bundle with a script) — nothing is downloaded at install time. The script is bundled in the skill, which is lower-risk than fetching remote install artifacts.
!
Credentials
The script legitimately needs CF_API_TOKEN and optionally CF_ZONE_ID. The skill metadata, however, lists no required env vars or primary credential. That omission is disproportionate and could mislead users into installing without providing required tokens or understanding the sensitive credential scope.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and has no persistent presence beyond the bundled script. Autonomous invocation is allowed (platform default) but not combined with other high-risk attributes here.
What to consider before installing
This skill's code matches the Cloudflare DNS purpose, but the metadata omits important requirements. Before installing: 1) Confirm the skill author and source (homepage is missing). 2) Expect to provide a CF_API_TOKEN (the script will fail without it); ensure the token has least privilege (use Cloudflare's 'Edit zone DNS' template, not your global API key). 3) Ensure your environment has curl and jq available (script depends on them). 4) Review the bundled scripts locally to verify behavior (they call api.cloudflare.com and public IP services api.ipify.org/ifconfig.me — expected for DDNS). 5) Consider running the skill in a restricted/containerized environment or audit network calls if you must supply real credentials. 6) Ask the publisher to update the registry metadata to declare CF_API_TOKEN as the primary credential and to list required binaries (curl, jq) before you proceed.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97c9mrnq6xwpa7bx1n4w0sgk980vc5y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Cloudflare DNS

Manage DNS records via Cloudflare API using the bundled cf-dns.sh script.

Setup

Store credentials in environment or pass via flags:

export CF_API_TOKEN="your-api-token"
export CF_ZONE_ID="your-zone-id"       # optional, can auto-detect from domain

Get API token: Cloudflare Dashboard → My Profile → API Tokens → Create Token → "Edit zone DNS" template.

Get Zone ID: Cloudflare Dashboard → select domain → Overview → right sidebar "Zone ID".

Usage

The script is at scripts/cf-dns.sh. All commands:

# List zones (find zone ID)
cf-dns.sh zones

# List all records for a zone
cf-dns.sh list <zone_id>
cf-dns.sh list --domain example.com

# Get specific record
cf-dns.sh get <zone_id> <record_id>

# Create record
cf-dns.sh create <zone_id> --type A --name www --content 1.2.3.4 [--ttl 300] [--proxied]
cf-dns.sh create <zone_id> --type CNAME --name blog --content example.com
cf-dns.sh create <zone_id> --type TXT --name @ --content "v=spf1 ..."
cf-dns.sh create <zone_id> --type MX --name @ --content mail.example.com --priority 10

# Update record
cf-dns.sh update <zone_id> <record_id> --content 5.6.7.8 [--ttl 600] [--proxied]

# Delete record
cf-dns.sh delete <zone_id> <record_id>

# DDNS: update A record to current public IP
cf-dns.sh ddns <zone_id> --name home
cf-dns.sh ddns --domain example.com --name home

Common Patterns

Add subdomain pointing to IP:

cf-dns.sh create <zone_id> --type A --name subdomain --content 203.0.113.50 --proxied

Set up email (MX + SPF):

cf-dns.sh create <zone_id> --type MX --name @ --content mail.example.com --priority 10
cf-dns.sh create <zone_id> --type TXT --name @ --content "v=spf1 include:_spf.google.com ~all"

Dynamic DNS for home server:

# Run periodically via cron
cf-dns.sh ddns --domain example.com --name home

Notes

  • --proxied enables Cloudflare proxy (orange cloud) — hides origin IP, adds CDN
  • TTL in seconds; use 1 for "Auto" when proxied
  • @ means root domain
  • Script outputs JSON; pipe to jq for parsing

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…