ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SSL Certificate Manager

v1.0.0

Automate SSL certificate generation and management with DNS challenge validation and certificate provisioning.

0· 100·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the provided endpoints (dns-challenge, generate-certificate, debug, download). However, a real certificate management API normally requires explicit authentication, a base URL/server, and integration details for DNS or DNS-provider APIs; none are declared. The absence of required credentials or configuration is unexpected for this capability but could be a minimal or local-only stub.
!
Instruction Scope
SKILL.md instructs calling endpoints that can issue certificates and download private keys, but it does not (a) specify the API base URL or auth method, (b) provide secure handling guidance for private keys, or (c) limit where downloaded keys should be stored or transmitted. The instructions are otherwise limited to HTTP API use and DNS TXT record guidance; they do not request reading local files or unrelated system data.
Install Mechanism
This is an instruction-only skill with no install spec and no code to write to disk, which is low-risk from an installation standpoint.
!
Credentials
The skill declares no required environment variables or credentials. That is unusual for a certificate provisioning API that issues private keys and certificates — typically some form of auth (API key, token) or DNS-provider credentials would be required. The lack of declared secrets or auth is an unexplained omission and increases the chance the skill is incomplete or misdocumented.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not declare permissions to modify other skills or system settings. Agent autonomy is enabled by default (not a unique risk here).
What to consider before installing
This skill appears to describe a certificate-management API but omits critical operational details. Before installing or using it: 1) Ask the publisher for the API base URL and authentication method — do not assume requests are to a trusted host. 2) Confirm how private keys are handled: never fetch or store private.key into shared agent logs or third-party endpoints; require secure, private storage and transport (HTTPS, access controls). 3) Verify the provider's identity and reputation (homepage, documentation, TLS certs for the API host). 4) Prefer skills that explicitly declare required credentials (API key or OAuth) and include a servers field in openapi.json. 5) If uncertain, avoid using the download endpoint through the agent; manage private keys via your own infrastructure or vetted tooling. These gaps could be benign (incomplete docs or a local-only stub) but also could mask misuse — proceed only after clarifying the missing pieces.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a0bfatc73kvhxz655daf0cx83ed0z
100downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
ToolWeb@krishnakumarmahadevan-cmd
latest
Download

Overview

Simple SSL Certificate Manager is a streamlined API for automating SSL/TLS certificate lifecycle management. Built for security professionals and DevOps teams, it enables DNS-based domain validation, certificate generation via industry-standard protocols, and secure certificate delivery. The platform handles the complexity of certificate provisioning, allowing you to focus on securing your infrastructure.

This tool is ideal for organizations managing multiple domains, implementing Infrastructure-as-Code practices, or automating certificate renewals across distributed systems. With support for staging environments and flexible email validation, it accommodates both development and production workflows.

The API follows a two-step workflow: first generate DNS challenge records for domain ownership verification, then request certificate generation after DNS records are confirmed in place. Built-in debugging capabilities help troubleshoot DNS configuration issues.

Usage

DNS Challenge Generation

First, generate DNS challenge data for domain validation:

POST /dns-challenge
Content-Type: application/json

{
  "domain": "example.com",
  "email": "admin@example.com"
}

Sample Response:

{
  "domain": "example.com",
  "challenge_token": "abc123xyz789",
  "dns_record_type": "TXT",
  "dns_record_name": "_acme-challenge.example.com",
  "dns_record_value": "abc123xyz789_validation_string",
  "challenge_expires_at": "2025-01-15T14:30:00Z"
}

Certificate Generation

After DNS records are in place, request certificate generation:

POST /generate-certificate
Content-Type: application/json

{
  "domain": "example.com",
  "email": "admin@example.com",
  "confirmed": true,
  "staging": false
}

Sample Response:

{
  "certificate_id": "cert_67890abcde",
  "domain": "example.com",
  "status": "issued",
  "issued_at": "2025-01-15T14:35:00Z",
  "expires_at": "2026-01-15T14:35:00Z",
  "certificate_name": "example_com_2025",
  "download_url": "/download/example_com_2025/certificate.pem"
}

Debug DNS Configuration

Verify DNS setup before certificate generation:

GET /debug/example.com

Sample Response:

{
  "domain": "example.com",
  "dns_records": [
    {
      "name": "_acme-challenge.example.com",
      "type": "TXT",
      "value": "abc123xyz789_validation_string",
      "status": "verified",
      "ttl": 300
    }
  ],
  "validation_status": "success",
  "checked_at": "2025-01-15T14:33:00Z"
}

Endpoints

GET /

Summary: Root
Description: API information and status endpoint.

Parameters: None

Response: Empty JSON object confirming API availability.

GET /health

Summary: Health Check
Description: Verify API service health and readiness.

Parameters: None

Response: Health status confirmation.

POST /dns-challenge

Summary: Create DNS Challenge
Description: Generate DNS challenge data for manual domain ownership verification.

Parameters:

  • domain (string, required): The domain name to validate (e.g., example.com)
  • email (string, email format, required): Contact email for certificate issuance

Response Shape:

{
  "domain": string,
  "challenge_token": string,
  "dns_record_type": string,
  "dns_record_name": string,
  "dns_record_value": string,
  "challenge_expires_at": string (ISO 8601 datetime)
}

POST /generate-certificate

Summary: Generate Certificate
Description: Generate SSL certificate after DNS verification is confirmed.

Parameters:

  • domain (string, required): The domain name for certificate issuance
  • email (string, email format, required): Contact email for the certificate
  • confirmed (boolean, optional, default: false): Set to true after DNS records are verified
  • staging (boolean, optional, default: false): Use staging certificates for testing

Response Shape:

{
  "certificate_id": string,
  "domain": string,
  "status": string,
  "issued_at": string (ISO 8601 datetime),
  "expires_at": string (ISO 8601 datetime),
  "certificate_name": string,
  "download_url": string
}

GET /download/{cert_name}/{filename}

Summary: Download Certificate
Description: Download generated certificate files (PEM, key, chain).

Parameters:

  • cert_name (string, required): Certificate identifier (from generation response)
  • filename (string, required): File to download (certificate.pem, private.key, or chain.pem)

Response: Binary certificate file content or JSON error.

GET /debug/{domain}

Summary: Debug Domain
Description: Inspect DNS configuration and validation status for a domain.

Parameters:

  • domain (string, required): Domain name to debug (e.g., example.com)

Response Shape:

{
  "domain": string,
  "dns_records": [
    {
      "name": string,
      "type": string,
      "value": string,
      "status": string,
      "ttl": integer
    }
  ],
  "validation_status": string,
  "checked_at": string (ISO 8601 datetime)
}

Pricing

PlanCalls/DayCalls/MonthPrice
Free550Free
Developer20500$39/mo
Professional2005,000$99/mo
Enterprise100,0001,000,000$299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

Comments

Loading comments...