Domain Dns Ops
Suspicious
Audited by ClawScan on May 1, 2026.
Overview
The skill matches DNS operations, but it can use local Cloudflare and registrar credentials to make live domain and security-setting changes, so it should be reviewed before use.
Install or invoke this only if you intend the agent to help with live DNS and registrar administration. Before using it, verify the ~/Projects/manager repo and scripts, ensure Cloudflare and registrar tokens are narrowly scoped, and require the agent to confirm each domain, account, intended change, and rollback path before making changes.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overbroad action could reroute a domain, break HTTPS or redirects, change public traffic behavior, or disable a Cloudflare bot-protection setting.
These are direct registrar and Cloudflare mutation paths that can reroute domains, alter redirects, deploy/bind routes, or disable a Cloudflare protection setting. The artifacts do not provide an explicit confirmation gate for these account changes comparable to the separate 'Push only when explicitly asked' git guardrail.
If registrar = Namecheap: `cd ~/Projects/manager && source profile && bin/namecheap-set-ns example.com ...`; ... Page Rules: use the `cli4 --post ... /pagerules` template; ... `bin/cloudflare-ai-bots disable`.
Require explicit user approval for each live registrar or Cloudflare mutation, including the domain, account, intended change, and rollback plan; prefer dry-run/status checks before applying changes.
The agent may operate with whatever Cloudflare or registrar privileges are present in the user's shell profiles, which could include broad authority over domains and account settings.
The skill instructs use of ambient local profile files and API tokens for Cloudflare and registrar operations. The supplied metadata declares no required credentials or environment variables, and the artifacts do not bound token scopes or which account authority may be used.
`source ~/.profile` (prefer `CLOUDFLARE_API_TOKEN`; `CF_API_TOKEN` fallback) ... `cd ~/Projects/manager && source profile && bin/namecheap-set-ns ...`
Declare the required credentials and minimum scopes, avoid sourcing broad shell profiles when possible, use narrowly scoped tokens, and confirm the active account and domain before any write operation.
The safety of the skill depends heavily on the contents and current state of ~/Projects/manager, including helper scripts that may use credentials and make live changes.
The main behavior depends on local repo scripts and documents that are not part of the supplied skill artifacts. This is disclosed and purpose-aligned, but users need to trust and review that local repo because it drives the actual account operations.
This skill is a thin router: use `~/Projects/manager` as truth, run the repo scripts, follow the checklists.
Inspect and maintain ~/Projects/manager, especially bin/namecheap-set-ns, bin/cloudflare-ai-bots, DNS.md, and redirect-worker files, before relying on this skill for live domain operations.
