Is lucassynnott/cloudflare-api safe?

https://github.com/openclaw/skills/tree/main/skills/lucassynnott/cloudflare-api

98
SAFE

This is a legitimate Cloudflare API wrapper skill that provides standard DNS and tunnel management functionality. The skill contains executable shell scripts that implement proper API calls to api.cloudflare.com and requires user-provided API credentials.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

LOW Contains executable shell scripts -5

The skill includes multiple shell scripts that will execute when invoked by the user. While they appear to implement legitimate Cloudflare API functionality, users should review scripts before execution.

LOW Manages critical DNS and tunnel infrastructure -10

The skill provides functionality to modify DNS records and create tunnels, which could impact network infrastructure if misused. However, these are legitimate Cloudflare features requiring proper user credentials and explicit invocation.