ClawHub

Ovh

v1.0.0

Manage OVHcloud services via API. Use when user asks about OVH domains, DNS records, VPS, cloud instances, dedicated servers, email, SSL certificates, or any OVH service management. Supports listing, creating, updating, and deleting resources.

0· 933·0 current·0 all-time
by@pushp1997
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The Python script uses the official ovh client and calls OVH API endpoints for domains, DNS, VPS, cloud projects, dedicated servers, SSL, bills, and orders — this aligns with the skill description. However, the skill registry metadata lists no required environment variables or primary credential even though both the SKILL.md and the script require OVH API credentials.
Instruction Scope
Runtime instructions are limited to exporting OVH environment variables and running the bundled scripts/ovh-cli.py. The SKILL.md and script only interact with the OVH API and do not read unrelated files or network endpoints.
Install Mechanism
There is no install spec; this is instruction-only plus a bundled script. The script depends on the public 'ovh' Python package (the code prints an error advising 'pip install ovh'). No remote downloads or opaque installers are present.
!
Credentials
The script requires OVH_ENDPOINT, OVH_APP_KEY, OVH_APP_SECRET, and OVH_CONSUMER_KEY (and SKILL.md instructs creating a consumer key). Those env vars are necessary for the stated purpose, but the skill registry metadata does not declare them — an inconsistency that could lead to missing permission reviews. Also, those credentials can permit destructive actions (DNS deletes, server reboots, etc.), so tokens should be scoped narrowly; the skill does not enforce or document minimum permission scopes.
Persistence & Privilege
The skill is not always:true, does not install persistent system components, and does not modify other skills or global config. It can be invoked autonomously by agents (platform default) — combined with write-capable credentials this increases risk if misused, but autonomous invocation alone is expected behavior.
What to consider before installing
This skill appears to implement what it claims (it calls only OVH API endpoints), but the package metadata incorrectly omits the required OVH environment variables. Before installing: (1) Review and trust the script source (scripts/ovh-cli.py is included and readable). (2) Create a dedicated OVH consumer key with as-limited permissions as possible (prefer read-only or narrowly scoped write perms for the specific operations you need). (3) Do not supply account-wide or admin-level keys; test first with read-only commands like 'me', 'domains', 'dns <domain>' before performing creates/deletes/reboots. (4) Be cautious if allowing autonomous agent invocation: the agent could call destructive operations using the provided credentials. (5) Ask the publisher to update registry metadata to declare the required environment variables and document recommended minimal scopes — if they cannot, treat the omission as a sign of sloppy packaging and proceed only after manual review.

Like a lobster shell, security has layers — review code before you run it.

latestvk9761v2tz5gv4aps5zj55tfje580vayk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments