dxyz-cPanel

v1.0.0

Manage cPanel hosting accounts via API for version 134.0.11 and compatible versions. Supports account management, DNS zones, email accounts, databases (MySQL...

⭐ 0· 102·0 current·0 all-time

by@picodozbotdoz

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for picodozbotdoz/dxyz-cpanel.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "dxyz-cPanel" (picodozbotdoz/dxyz-cpanel) from ClawHub.
Skill page: https://clawhub.ai/picodozbotdoz/dxyz-cpanel
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install dxyz-cpanel

ClawHub CLI

Package manager switcher

npx clawhub@latest install dxyz-cpanel

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

Name, README, SKILL.md and included scripts all implement cPanel/WHM API operations (accounts, DNS, email, DB, backups). However the registry metadata declares no required environment variables or primary credential even though the runtime explicitly requires CPANEL_HOST and CPANEL_TOKEN (and optionally CPANEL_USER/CPANEL_CONFIG). The missing declaration is an incoherence that could surprise users.

ℹ

Instruction Scope

SKILL.md and scripts instruct the agent to run curl via exec and to read files (e.g., cert.pem for SSL install) and to load a local config (~/.cpanel/config.json). Those actions are consistent with the stated functionality, but they permit reading local files and the local config file—so verify which local files the agent will be asked to access.

✓

Install Mechanism

No install spec or remote downloads; the skill is instruction-plus-local-scripts only. That reduces supply-chain risk because nothing arbitrary is fetched or auto-executed from external URLs during install.

Credentials

Registry claims no required env vars or primary credential, yet all scripts and docs rely on CPANEL_HOST and CPANEL_TOKEN (and optionally CPANEL_USER or a config file path). This mismatch is a material omission: the skill will need a privileged API token which is not advertised in the registry metadata.

✓

Persistence & Privilege

The skill does not request always:true and does not attempt to alter other skills or global agent settings. It includes helper scripts stored in the skill workspace that the agent may execute, which is typical for this kind of skill.

What to consider before installing

Before installing: (1) Expect to provide CPANEL_HOST and CPANEL_TOKEN — the skill needs a cPanel/WHM API token with appropriate ACLs; registry metadata failing to declare those is an omission. (2) Only grant the token the minimal permissions required (e.g., createacct, listaccts, DNS, Email, Mysql) and consider scoping by IP and expiration. (3) Review the included scripts (under scripts/) yourself; they will read ~/.cpanel/config.json (if present) and can read local files (e.g., cert.pem) when you run SSL/install commands. (4) Do not run these scripts with an over-privileged token on production servers until validated in a test/staging environment. (5) Confirm the publisher/source before trusting the skill (homepage is missing and owner ID is unfamiliar). (6) If you proceed, rotate tokens after testing and monitor API usage/logs in WHM for unexpected activity.

Like a lobster shell, security has layers — review code before you run it.

latestvk971mzk5e2htp8gjr0nmqjywj5839j8a

102downloads

0stars

1versions

Updated 1mo ago

v1.0.0

MIT-0

dxyz-cPanel Skill

Manage cPanel hosting accounts via API (version 134.0.11 compatible).

Quick Start

Connect to cPanel API

# Using API token (recommended)
export CPANEL_HOST="https://your-server.com:2087"
export CPANEL_TOKEN="your-api-token"

# Test connection
exec command="curl -s -H 'Authorization: whm $CPANEL_TOKEN' '$CPANEL_HOST/json-api/version' | jq ."

Common Operations

List Accounts:

exec command="curl -s -H 'Authorization: whm $CPANEL_TOKEN' '$CPANEL_HOST/json-api/listaccts?api.version=1' | jq ."

Create Email Account:

exec command="curl -s -H 'Authorization: cpanel $CPANEL_TOKEN' '$CPANEL_HOST/execute/Email/add_pop?email=user&password=secure123&domain=example.com' | jq ."

API Types

API	Purpose	Endpoint Prefix
WHM API	Server admin, account management	`/json-api/`
UAPI	cPanel user operations	`/execute/`
cPanel API 2	Legacy (deprecated)	`/json-api/cpanel2`

Authentication

API Token (Recommended)

Generate in WHM → Development → Manage API Tokens
Use header: Authorization: whm <token> (WHM) or Authorization: cpanel <token> (UAPI)

Basic Auth (Less Secure)

curl -u 'username:password' 'https://server:2087/json-api/...'

Core Operations

Account Management (WHM API)

Create Account:

exec command='curl -s -H "Authorization: whm $CPANEL_TOKEN" "$CPANEL_HOST/json-api/createacct?api.version=1&username=newuser&domain=newdomain.com&password=secure123&plan=default" | jq .'

Suspend/Unsuspend:

# Suspend
exec command='curl -s -H "Authorization: whm $CPANEL_TOKEN" "$CPANEL_HOST/json-api/suspendacct?api.version=1&user=username&reason=non-payment" | jq .'

# Unsuspend
exec command='curl -s -H "Authorization: whm $CPANEL_TOKEN" "$CPANEL_HOST/json-api/unsuspendacct?api.version=1&user=username" | jq .'

Terminate Account:

exec command='curl -s -H "Authorization: whm $CPANEL_TOKEN" "$CPANEL_HOST/json-api/removeacct?api.version=1&user=username" | jq .'

DNS Management (UAPI)

List DNS Zones:

exec command='curl -s -H "Authorization: cpanel $CPANEL_TOKEN" "$CPANEL_HOST/execute/DNS/zone_records?domain=example.com" | jq .'

Add DNS Record:

exec command='curl -s -H "Authorization: cpanel $CPANEL_TOKEN" "$CPANEL_HOST/execute/DNS/add_zone_record?domain=example.com&name=www&type=A&address=192.168.1.1&ttl=3600" | jq .'

Email Management (UAPI)

List Email Accounts:

exec command='curl -s -H "Authorization: cpanel $CPANEL_TOKEN" "$CPANEL_HOST/execute/Email/list_pops?domain=example.com" | jq .'

Create Email Account:

exec command='curl -s -H "Authorization: cpanel $CPANEL_TOKEN" "$CPANEL_HOST/execute/Email/add_pop?email=newuser&password=secure123&domain=example.com&quota=250" | jq .'

Set Email Forwarder:

exec command='curl -s -H "Authorization: cpanel $CPANEL_TOKEN" "$CPANEL_HOST/execute/Email/add_forwarder?domain=example.com&email=user&fwdopt=fwd&fwdemail=dest@example.org" | jq .'

Database Management (UAPI)

Create MySQL Database:

exec command='curl -s -H "Authorization: cpanel $CPANEL_TOKEN" "$CPANEL_HOST/execute/Mysql/create_database?name=mydb" | jq .'

Create MySQL User:

exec command='curl -s -H "Authorization: cpanel $CPANEL_TOKEN" "$CPANEL_HOST/execute/Mysql/create_user?name=myuser&password=secure123" | jq .'

Grant Privileges:

exec command='curl -s -H "Authorization: cpanel $CPANEL_TOKEN" "$CPANEL_HOST/execute/Mysql/set_privileges_on_database?user=myuser&database=mydb&privileges=ALL%20PRIVILEGES" | jq .'

SSL Certificates (UAPI)

List SSL Certificates:

exec command='curl -s -H "Authorization: cpanel $CPANEL_TOKEN" "$CPANEL_HOST/execute/SSL/list_certs" | jq .'

Install Let's Encrypt:

exec command='curl -s -H "Authorization: cpanel $CPANEL_TOKEN" "$CPANEL_HOST/execute/SSL/install_ssl?domain=example.com&cert=$(cat cert.pem | jq -sR .)&key=$(cat key.pem | jq -sR .)" | jq .'

File Operations (UAPI)

List Files:

exec command='curl -s -H "Authorization: cpanel $CPANEL_TOKEN" "$CPANEL_HOST/execute/Fileman/list_files?dir=public_html" | jq .'

Upload File:

exec command='curl -s -H "Authorization: cpanel $CPANEL_TOKEN" "$CPANEL_HOST/execute/Fileman/upload_files?dir=public_html&file-1=@localfile.txt" | jq .'

Backup Operations (WHM API)

Create Account Backup:

exec command='curl -s -H "Authorization: whm $CPANEL_TOKEN" "$CPANEL_HOST/json-api/backupacct?api.version=1&user=username" | jq .'

Restore Account:

exec command='curl -s -H "Authorization: whm $CPANEL_TOKEN" "$CPANEL_HOST/json-api/restoreacct?api.version=1&user=username" | jq .'

Scripts

The skill includes helper scripts:

scripts/cpanel_api.sh - Generic API caller with error handling
scripts/create_account.sh - Create hosting account
scripts/manage_dns.sh - DNS zone management
scripts/manage_email.sh - Email account operations
scripts/manage_database.sh - MySQL/PostgreSQL operations
scripts/backup_account.sh - Backup/restore operations

Execute scripts using exec tool:

exec command="bash ~/.picoclaw/workspace-default/skills/dxyz-cpanel/scripts/cpanel_api.sh listaccts"

References

Load reference files using read_file tool when needed:

API Reference: references/api-reference.md - Complete API endpoint reference
WHM API: references/whm-api.md - WHM API 1 documentation
UAPI: references/uapi.md - UAPI module reference
Error Codes: references/error-codes.md - Common errors and solutions
Version 134 Changes: references/version-134-changes.md - What's new in 134.0.11

Configuration

Environment Variables

CPANEL_HOST="https://your-server.com:2087"  # WHM port
CPANEL_TOKEN="your-api-token"                # API token
CPANEL_USER="root"                           # WHM username

Config File

Create ~/.cpanel/config.json:

{
  "host": "https://your-server.com:2087",
  "token": "your-api-token",
  "default_plan": "default",
  "default_quota": 1000,
  "default_bwlimit": 10000
}

Version Compatibility

This skill supports:

cPanel 134.0.11 (primary target)
cPanel 134.x.x (all 134 minor versions)
cPanel 130.x - 133.x (backward compatible, some features may differ)

Version-Specific Notes

134.0.11: Current target version
134.0.x: API stable, minor bug fixes
134.1.x: Feature additions, API backward compatible
Pre-134: Some UAPI modules may differ

Best Practices

Use API Tokens: More secure than basic auth
Rate Limiting: Max 100 requests/minute for WHM API
Error Handling: Check metadata.result for status
Idempotency: Use api.version=1 for consistent responses
Logging: Enable API logs in WHM for audit trail
Backups: Always backup before destructive operations

Common Errors

Error	Cause	Solution
`Access denied`	Invalid token/permissions	Regenerate token, check ACL
`Account exists`	Duplicate username	Use different username
`Invalid domain`	Domain format/syntax	Check DNS, use FQDN
`Quota exceeded`	Disk limit reached	Increase quota or cleanup

Security Notes

Store API tokens securely (use environment variables or encrypted config)
Use HTTPS (port 2087 for WHM, 2083 for cPanel)
Limit API token permissions via ACL
Enable two-factor authentication for WHM access
Audit API token usage regularly

Comments

Loading comments...