ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Buy Domain Helper

3-layer site launcher: tunnel any HTML instantly (no account), deploy to Cloudflare Pages (permanent), then buy a domain and link it via DNS. Use when a user...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 27 · 0 current installs · 0 all-time installs
byTony Kim@wohaoshuai
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, SKILL.md and site.js all align: the script tunnels local content, deploys to Cloudflare Pages, and links domains via DNS. Required binaries (node, cloudflared, wrangler) are reasonable for that purpose. However the registry metadata lists required binaries as already present while SKILL.md and site.js state cloudflared can be auto-installed via Homebrew — a small inconsistency in expectations.
!
Instruction Scope
SKILL.md and site.js instruct the agent to install/run tools (brew install cloudflared, npx -y serve, wrangler) and to accept Cloudflare API tokens from the user. The instructions reference environment variables (CF_API_TOKEN, CF_ACCOUNT_ID) and request users to paste tokens, but the registry's requires.env is empty — an inconsistency. The runtime will execute commands that download/execute third‑party code (npx) and call Cloudflare APIs; this is within the stated feature set but broad in scope and should be obvious to the user.
!
Install Mechanism
There is no formal install spec. At runtime the script may run Homebrew to install cloudflared and uses `npx -y serve` which fetches packages from npm on demand. Those are network-driven installs/execs (Homebrew, npm) and are not declared in a package install section — this increases the attack surface compared to an instruction-only skill that does not fetch code at runtime.
Credentials
The Cloudflare API tokens and account ID requested are appropriate and necessary for Pages/DNS operations. But the skill metadata declares no required env vars while the code reads process.env.CF_API_TOKEN and CF_ACCOUNT_ID; that mismatch should be corrected. The skill reasonably requests scoped tokens (Pages edit, Zone DNS edit) per SKILL.md, which is proportionate if the user creates minimum-scope tokens.
Persistence & Privilege
The skill is not always-enabled, does not request system-wide persistence, and does not modify other skills or agent configuration. It runs commands when invoked, which is expected for this type of helper.
What to consider before installing
This skill appears to do what it says (tunnel, deploy to Cloudflare Pages, link a domain) but be aware of these points before installing: - The script will try to install or invoke external tools at runtime (Homebrew to install cloudflared if missing, `npx -y serve` which downloads from npm, and `wrangler` must be present). Those runtime downloads execute third‑party code — only run in an environment you control. - The skill asks for Cloudflare API tokens (Pages and Zone/DNS scopes). Create minimal-scope, per-account/zone tokens (avoid giving broad account-wide keys). Do not paste highly privileged or long-lived keys you rely on elsewhere. - Metadata inconsistencies: the registry says no env vars required but the code reads CF_API_TOKEN and CF_ACCOUNT_ID; the registry also lists required binaries yet the script auto-installs cloudflared. Treat these as indicators of incomplete metadata rather than immediate malicious intent, but verify expectations before use. - If you trust the GitHub repo/author and are comfortable with Homebrew/npm operations, the tool is coherent for the stated purpose. Otherwise, inspect site.js locally, run it in an isolated environment, and only provide scoped Cloudflare tokens.
site.js:67
Shell command execution detected (child_process).
site.js:43
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk97c8qkxdtj1t8842wfyrh8f3n831vk2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌐 Clawdis
Binsnode, cloudflared, wrangler

SKILL.md

Buy Domain Helper

3 layers — pick the depth that fits the user's need:

LayerWhat it doesNeeds
1 — TunnelInstant public URL for any local dir or portNothing (cloudflared auto-installs)
2 — PagesPermanent hosting on *.pages.devCloudflare account + Pages token
3 — DomainCustom domain linked to Pages via DNSDomain purchased + DNS token

Helper script

node site.js <command> [--token CF_API_TOKEN] [--account CF_ACCOUNT_ID]
CommandLayerDescription
tunnel <dir|port>1Instant public URL via Cloudflare Tunnel
deploy <name> <dir>2Deploy to Cloudflare Pages
zone <domain>3Get zone ID for a domain
dns-link <zone-id> <project>3Add CNAME pointing domain to Pages
pages-domain <project> <domain>3Attach custom domain to Pages project
domain-check <domain>3Check availability on Cloudflare Registrar

Setup

  • Layer 1: No setup. cloudflared installs automatically via Homebrew if missing.
  • Layer 2: Needs a Cloudflare API token with Account > Cloudflare Pages > Edit permission.
  • Layer 3: Needs a separate token with Zone > DNS > Edit permission for the specific domain.

Create tokens at: https://dash.cloudflare.com/profile/api-tokens

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…