← Back to Skills Marketplace
Octodns
by
Mark E. Jeftovic
· GitHub ↗
· v0.1.2
· MIT-0
400
Downloads
1
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install octodns-skill
Description
Manage DNS zones across multiple providers using octoDNS ("DNS as code"). Use when you need to (1) manage DNS records in YAML format, (2) sync DNS zones betw...
Usage Guidance
Do not install blindly. Key concerns: (1) The registry metadata claims no credentials required, but the skill expects provider API keys (easyDNS, AWS, Cloudflare, etc.) and credential JSON files in a local .credentials directory — verify where you will store these and whether you want this skill to access them. (2) Several scripts use a hard-coded path (/Users/markjr/clawd/.credentials) and load credentials from JSON files — inspect and edit these scripts before running; change any absolute paths to a safe location you control. (3) The skill's automation (cron/webhook/CI examples) invokes sync operations that can DELETE many DNS records if the YAML lacks them — always run dump + preview and never run scripts/sync.sh --doit on production until you've confirmed the workflow. (4) The webhook example runs a Flask server that will apply updates it receives; do not expose that to untrusted networks. (5) If you proceed, run everything in an isolated environment, review and edit scripts (especially load_credentials.sh and setup.sh), and test on non-production zones only. If you need help auditing/locking down the credential paths and disabling automatic --doit behavior, get those changes applied before granting the skill any provider credentials.
Capability Analysis
Type: OpenClaw Skill
Name: octodns-skill
Version: 0.1.2
The bundle is a legitimate wrapper for the octoDNS tool, designed to manage DNS records via YAML configuration. It includes robust safety documentation (SAFETY.md) and security-oriented scripts (secure-creds.sh, verify-security.sh) that implement best practices such as checking file permissions (chmod 600) and using secure deletion (shred) for temporary credential files. While scripts like setup.sh and load_credentials.sh contain hardcoded local paths (e.g., /Users/markjr/clawd/.credentials), these are clearly unintentional developer remnants rather than malicious artifacts, and the overall logic is transparently focused on preventing accidental DNS record deletion.
Capability Assessment
Purpose & Capability
The skill is legitimately a DNS management wrapper and therefore needs DNS provider credentials (easyDNS, AWS/Route53, Cloudflare, etc.). However, the registry metadata declares no required environment variables or primary credential while the SKILL.md and scripts repeatedly expect EASYDNS_*, AWS_*, CLOUDFLARE_TOKEN, or credential JSON files. That discrepancy between declared requirements and actual needs is incoherent and risks surprise credential access when installed.
Instruction Scope
SKILL.md and included scripts instruct the agent to create/modify local config files, load credentials from a .credentials directory (or environment variables), run octodns commands that can DELETE records, and even provide examples that start a Flask webhook that will accept incoming requests and run syncs. The instructions therefore include file I/O of secrets, network listeners, and automation that can make destructive changes — all within the skill. The README/SAFETY emphasize the destructive risk, but the automation examples (webhook/cron/CI) and the scripts’ behavior exceed a minimal, read-only scope.
Install Mechanism
This is instruction-plus-scripts (no platform install spec). The included install.sh creates a Python venv and pip-installs octodns and a provider package (octodns-easydns). Installing via pip into a venv is expected for this project and not unusual, but because the package will run local code (scripts) it will write files and may run network requests to provider APIs during operation.
Credentials
Although the skill metadata lists no required env vars, the code expects and loads many secrets: EASYDNS_TOKEN, EASYDNS_API_KEY, EASYDNS_PORTFOLIO, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, CLOUDFLARE_TOKEN, and provider-specific credential JSON files under a .credentials directory. There are multiple mechanisms to load credentials (env vars, .credentials JSON, and a load_credentials.sh which even hard-codes a developer home path). Requesting broad provider credentials without declaring them in metadata is disproportionate and surprising.
Persistence & Privilege
The skill does not set always:true. It writes/reads local agent config (.agent-config.json) and credential directories (.credentials) and offers scripts to create them via setup.sh. That behavior is normal for a tool that needs local credentials, but several scripts use a hard-coded developer path (/Users/markjr/clawd/.credentials) which is sloppy and suspicious — it may fail on other systems or inadvertently point to a captured path from the developer. Autonomous invocation is enabled (default) — combined with the undeclared credentials this increases blast radius, so exercise caution.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install octodns-skill - After installation, invoke the skill by name or use
/octodns-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
- Added scripts/lib/secure-creds.sh and scripts/verify-security.sh for enhanced credential and security handling.
- Updated scripts/lib/config.sh to integrate new security features.
- Improved management and verification of sensitive credential information.
v0.1.1
- Initial release of `octodns-skill`.
- Added 13 helper scripts for configuration, setup, dumping, validation, and synchronization of DNS zones.
- Provided example and template configuration files for production and zones.
- Included a PROJECT_STATUS.md file to communicate project state.
- No breaking changes; this is the foundational release.
v0.1.0
Initial release of octodns-skill.
- Manage DNS zones across 50+ providers using octoDNS with YAML-based configuration.
- Includes safety-first workflow guidance to prevent accidental record deletion.
- Provides scripts for installation, dumping existing zones, syncing, and validation.
- Supports bulk updates, zone migration, and provider-to-provider sync.
- Includes setup instructions and troubleshooting for easyDNS and common providers.
- Detailed documentation references and workflow best practices included.
Metadata
Frequently Asked Questions
What is Octodns?
Manage DNS zones across multiple providers using octoDNS ("DNS as code"). Use when you need to (1) manage DNS records in YAML format, (2) sync DNS zones betw... It is an AI Agent Skill for Claude Code / OpenClaw, with 400 downloads so far.
How do I install Octodns?
Run "/install octodns-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Octodns free?
Yes, Octodns is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Octodns support?
Octodns is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Octodns?
It is built and maintained by Mark E. Jeftovic (@markjr); the current version is v0.1.2.
More Skills