v1.0.0

Cloudflare Dns

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:31 AM.

Analysis

The skill appears to match its Cloudflare DNS purpose, but it can change or delete live DNS records with a Cloudflare token and has no built-in confirmation guardrails.

Guidance: Use this skill only if you want the agent to manage Cloudflare DNS. Before using create, update, delete, or DDNS, verify the zone, record ID, and exact record value, and use a Cloudflare token scoped to only the necessary zone. Be especially cautious with cron-based DDNS because it will continue making updates until removed.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
scripts/cf-dns.sh
result=$(cf_api POST "/zones/$zone_id/dns_records" "$data") ... result=$(cf_api PUT "/zones/$zone_id/dns_records/$record_id" "$data") ... result=$(cf_api DELETE "/zones/$zone_id/dns_records/$record_id")

The script directly creates, updates, and deletes Cloudflare DNS records. These operations are purpose-aligned, but the provided code path does not include a confirmation prompt, dry run, rollback, or additional safety check before live DNS mutation.

User impact: A mistaken or autonomous invocation could take a site offline, break email delivery, expose an origin, or remove a needed DNS record.
Recommendation: Require explicit user confirmation before create, update, delete, or DDNS changes; show the zone, record name, record ID, old value, and new value; and consider adding a dry-run mode.

Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
# Run periodically via cron
cf-dns.sh ddns --domain example.com --name home

The skill suggests scheduled DDNS operation via cron. This persistence is disclosed and purpose-aligned, but it means DNS updates can continue after initial setup.

User impact: A cron-based DDNS setup could keep changing a DNS record automatically until the scheduled job is removed.
Recommendation: Only add the cron job deliberately, document where it is installed, and remove it when DDNS is no longer needed.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
export CF_API_TOKEN="your-api-token" ... Create Token → "Edit zone DNS" template.

The skill requires a Cloudflare API token with DNS edit privileges. This is expected for the stated purpose, but it is sensitive account authority and the registry metadata declares no primary credential or required environment variable.

User impact: An over-scoped or leaked token could allow DNS records in the Cloudflare account to be changed or deleted.
Recommendation: Use a least-privilege Cloudflare token scoped only to the needed zone and DNS permissions, avoid global API keys, and revoke or rotate the token when it is no longer needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
scripts/cf-dns.sh
curl -s https://api.ipify.org || curl -s https://ifconfig.me

The DDNS function contacts third-party public-IP lookup services. This is purpose-aligned for DDNS, but it discloses the network's public IP to those services and the exact providers are not named in the SKILL.md setup section.

User impact: Using DDNS will reveal the user's public IP address to the lookup provider and then update a Cloudflare DNS record with that IP.
Recommendation: Use DDNS only when intended, and replace the IP lookup endpoint with a trusted provider if public-IP disclosure is a concern.