Domain/DNS ops across Cloudflare, DNSimple, Namecheap for Peter. Use for onboarding zones to Cloudflare, flipping nameservers, setting redirects (Page Rules/Rulesets/Workers), updating redirect-worker mappings, and verifying DNS/HTTP. Source of truth: ~/Projects/manager.
Security Analysis
medium confidenceThe skill's purpose (domain/DNS ops) matches its instructions, but the metadata omits required binaries, local paths, and credentials the instructions explicitly reference — that's an incoherence that could lead to accidental secret exposure or unintended changes.
The name/description (Cloudflare, DNSimple, Namecheap ops) is coherent with the runtime instructions, but the skill metadata declares no required binaries, no env vars, and no config paths while the instructions repeatedly rely on local repo scripts (~/Projects/manager), CLI tools (cli4, rg), and environment tokens. The absence of these declarations is a mismatch: a domain ops skill legitimately needs access to API tokens and repo scripts, so the metadata should list them.
SKILL.md directs the agent to read and run from the user's home repo (~/Projects/manager), source profiles (~/.profile and ./profile), run repo bin scripts (bin/namecheap-set-ns, bin/cloudflare-ai-bots), call cli4, run dig/curl, and run git commands. These are expected for DNS ops, but they involve reading local files and environment variables and executing actions that can modify DNS, push commits, or change nameservers. The instructions also reference tokens (CLOUDFLARE_API_TOKEN / CF_API_TOKEN) even though the skill metadata doesn't declare them.
No install spec (instruction-only) — lowers installer risk because nothing is written by the skill package itself. However, the skill assumes pre-existing local tooling and a personal repo; the security surface is the user's environment rather than installed package files.
The skill metadata lists no required environment variables, but SKILL.md explicitly instructs the agent to prefer CLOUDFLARE_API_TOKEN (with CF_API_TOKEN fallback) and relies on credentials in ~/Projects/manager/profile for Namecheap / DNSimple. This omission is significant: the skill will access sensitive tokens and profile files without those credentials being declared, making it unclear what secrets the agent will read or require.
always:false (good). The skill is user-invocable and allows autonomous invocation (platform default). While that alone is normal, autonomous execution combined with the instruction-level access to local tokens and repo scripts increases blast radius — an agent invoked without careful limits could run commands that touch DNS, commit/push code, or reveal secrets.
Guidance
This skill appears to do what it says (manage DNS and Cloudflare for a personal repo), but its metadata fails to declare the local paths, CLI tools, and API tokens the instructions use. Before installing or allowing autonomous use: 1) Confirm ~/Projects/manager exists and review every script it calls (bin/*, redirect-worker, profile) so you know what will run and what secrets those scripts read. 2) Require the skill metadata be updated to declare required env vars (CLOUDFLARE_API_TOKEN, CF_API_TOKEN, and any Namecheap/DNSimple creds) and required binaries (cli4, rg, dig, curl, git) so approvals are informed. 3) Limit the agent to user-invoked only (disable autonomous invocation) until you trust it, and disallow automatic git push or nameserver flips without explicit human confirmation. 4) Use least-privilege tokens scoped to only the needed Cloudflare/registrar operations, and rotate tokens after testing. If you cannot review the referenced repo scripts and the profile file, treat this skill as high-risk and do not enable it for autonomous runs.
Latest Release
v1.0.0
More by @steipete
Published by @steipete on ClawHub
