ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CDN

v1.0.1

Configure, optimize, and troubleshoot CDN deployments with caching strategies, security hardening, and multi-provider management.

2· 758·4 current·4 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description align with the files (caching, providers, security, troubleshooting). Minor inconsistency: the registry metadata lists no required binaries or env vars, yet the docs include examples using provider CLIs and env vars (e.g., $CF_TOKEN, $BUNNY_API_KEY, aws CLI). This is expected for a CDN guide, but the skill does not declare those prerequisites.
Instruction Scope
SKILL.md and associated files stay within CDN setup, optimization, and debugging. They include executable examples (curl, aws CLI, iptables, openssl) and show how to use API tokens and secret headers. The docs do not instruct wide-ranging data collection or exfiltration, but several examples assume the agent or user will run privileged commands (iptables) or use API keys — actions that have side effects and require care.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is written to disk or downloaded by the skill itself, which is the lowest-risk install profile.
Credentials
The skill declares no required credentials, which is proportional. However example snippets reference provider tokens and CLI usage ($CF_TOKEN, $BUNNY_API_KEY, aws CLI). This is appropriate for real-world CDN tasks but means the user/agent will need to supply credentials externally if they follow those examples — the skill itself does not request or store them.
Persistence & Privilege
always is false and the skill is user-invocable. As an instruction-only skill it does not request persistent presence or modify other skills or global agent settings.
Assessment
This skill is a coherent, text-only CDN playbook — it won't install code or request secrets by itself. Before using it: (1) don't paste API keys or secret tokens into public chats; the docs include example env vars (e.g., $CF_TOKEN, $BUNNY_API_KEY) that you must keep private and provide only to trusted tooling. (2) Many examples assume CLIs (curl, aws, fastly) and privileged actions (iptables); run those commands yourself on the appropriate host rather than letting an agent execute them autonomously. (3) The skill's firewall/iptables examples and origin-protection steps can block traffic if applied incorrectly — validate commands in a safe environment. If you plan to let an agent act with your provider credentials, limit its scope (least privilege) and audit any API calls.

Like a lobster shell, security has layers — review code before you run it.

latestvk970xmsk7g65bjjzeb8s9mtczh81259t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments