Ovh

Review

Audited by ClawScan on May 10, 2026.

Overview

This OVH integration is coherent, but it needs review because it can directly change DNS and power-cycle servers using powerful OVH API credentials.

Install only if you are comfortable giving the agent OVH API access. Prefer a dedicated, least-privilege OVH token, manually approve any DNS or server mutation, and be careful with billing/order/account outputs because they may contain private information.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An accidental or overly broad invocation could disrupt production DNS, make services unreachable, or reboot/stop infrastructure.

Why it was flagged

The script directly performs destructive or disruptive OVH API operations such as deleting DNS records and stopping or rebooting servers. These are purpose-aligned, but the artifact does not show confirmation, dry-run, or approval safeguards before executing them.

Skill content

client.delete(f'/domain/zone/{args.domain}/record/{args.record_id}') ... client.post(f'/vps/{args.name}/stop') ... client.post(f'/dedicated/server/{args.name}/reboot')

Recommendation

Use least-privilege OVH tokens, review every mutating command before execution, and consider adding confirmation or dry-run safeguards for create/update/delete/reboot/stop actions.

What this means

If the token is over-scoped, the agent could access or modify more OVH account resources than intended.

Why it was flagged

The skill requires delegated OVH API credentials. This is expected for OVH management, but those credentials can be powerful depending on the permissions granted.

Skill content

export OVH_APP_KEY="your-app-key" ... export OVH_APP_SECRET="your-app-secret" ... export OVH_CONSUMER_KEY="your-consumer-key"

Recommendation

Create a dedicated OVH consumer key with only the minimum API permissions needed for the specific task, and avoid reusing broad administrative credentials.

What this means

Manual installation of an unpinned package can introduce dependency or provenance risk.

Why it was flagged

The script relies on an external `ovh` Python package, but the skill has no install spec or pinned dependency version. This is expected for an OVH API client, but users should install it from a trusted source.

Skill content

except ImportError:
    print("Error: pip install ovh", file=sys.stderr)

Recommendation

Pin the expected `ovh` package version in an install specification or document the trusted package source clearly.