← Back to Skills Marketplace
1203
Downloads
2
Stars
4
Active Installs
1
Versions
Install in OpenClaw
/install digitalocean
Description
Manage DigitalOcean resources via API — Droplets (create/destroy/resize/power), DNS zones and records, Spaces (object storage), Databases, Firewalls, Load Balancers, Kubernetes, and account/billing info.
README (SKILL.md)
DigitalOcean API Skill
Control DigitalOcean infrastructure programmatically: droplets, DNS, databases, storage, networking.
Authentication
API token required. Get one from: https://cloud.digitalocean.com/account/api/tokens
Store in ~/.config/digitalocean/token (just the token, no newline):
mkdir -p ~/.config/digitalocean
echo -n "YOUR_API_TOKEN" > ~/.config/digitalocean/token
chmod 600 ~/.config/digitalocean/token
Quick Reference
Droplets (VMs)
# List all droplets
python3 scripts/digitalocean.py droplets list
# Get droplet details
python3 scripts/digitalocean.py droplets get \x3Cdroplet_id>
# Create droplet
python3 scripts/digitalocean.py droplets create \x3Cname> --region nyc1 --size s-1vcpu-1gb --image ubuntu-24-04-x64
# Power actions
python3 scripts/digitalocean.py droplets power-on \x3Cdroplet_id>
python3 scripts/digitalocean.py droplets power-off \x3Cdroplet_id>
python3 scripts/digitalocean.py droplets reboot \x3Cdroplet_id>
# Resize droplet
python3 scripts/digitalocean.py droplets resize \x3Cdroplet_id> --size s-2vcpu-4gb
# Snapshot
python3 scripts/digitalocean.py droplets snapshot \x3Cdroplet_id> --name "backup-2024"
# Destroy droplet
python3 scripts/digitalocean.py droplets destroy \x3Cdroplet_id>
DNS Management
# List domains
python3 scripts/digitalocean.py dns list
# Get domain records
python3 scripts/digitalocean.py dns records \x3Cdomain>
# Add record
python3 scripts/digitalocean.py dns add \x3Cdomain> --type A --name www --data 1.2.3.4 --ttl 300
# Update record
python3 scripts/digitalocean.py dns update \x3Cdomain> \x3Crecord_id> --data 5.6.7.8
# Delete record
python3 scripts/digitalocean.py dns delete \x3Cdomain> \x3Crecord_id>
# Add domain
python3 scripts/digitalocean.py dns create \x3Cdomain>
Firewalls
# List firewalls
python3 scripts/digitalocean.py firewalls list
# Create firewall
python3 scripts/digitalocean.py firewalls create \x3Cname> --inbound tcp:22:0.0.0.0/0 --inbound tcp:80:0.0.0.0/0 --inbound tcp:443:0.0.0.0/0
# Add droplet to firewall
python3 scripts/digitalocean.py firewalls add-droplet \x3Cfirewall_id> \x3Cdroplet_id>
Spaces (Object Storage)
# List spaces (requires spaces key)
python3 scripts/digitalocean.py spaces list
# Create space
python3 scripts/digitalocean.py spaces create \x3Cname> --region nyc3
Databases
# List database clusters
python3 scripts/digitalocean.py databases list
# Get database details
python3 scripts/digitalocean.py databases get \x3Cdb_id>
Account & Billing
# Account info
python3 scripts/digitalocean.py account
# Balance
python3 scripts/digitalocean.py billing balance
# Billing history
python3 scripts/digitalocean.py billing history
SSH Keys
# List SSH keys
python3 scripts/digitalocean.py ssh-keys list
# Add SSH key
python3 scripts/digitalocean.py ssh-keys add \x3Cname> --key "ssh-ed25519 AAAA..."
Images & Snapshots
# List available images
python3 scripts/digitalocean.py images list
# List your snapshots
python3 scripts/digitalocean.py images snapshots
# Delete snapshot
python3 scripts/digitalocean.py images delete \x3Cimage_id>
Regions & Sizes
# List regions
python3 scripts/digitalocean.py regions
# List droplet sizes
python3 scripts/digitalocean.py sizes
DNS Record Types
Supported record types:
A— IPv4 addressAAAA— IPv6 addressCNAME— Canonical name (alias)MX— Mail exchange (requires priority)TXT— Text recordNS— NameserverSRV— Service recordCAA— Certificate Authority Authorization
Common Workflows
Deploy a New Server
# 1. Create droplet
python3 scripts/digitalocean.py droplets create myserver --region nyc1 --size s-1vcpu-2gb --image ubuntu-24-04-x64 --ssh-keys \x3Ckey_id>
# 2. Get IP address
python3 scripts/digitalocean.py droplets get \x3Cdroplet_id>
# 3. Add DNS record
python3 scripts/digitalocean.py dns add mydomain.com --type A --name @ --data \x3Cip>
# 4. Set up firewall
python3 scripts/digitalocean.py firewalls create web-server --inbound tcp:22:0.0.0.0/0 --inbound tcp:80:0.0.0.0/0 --inbound tcp:443:0.0.0.0/0
python3 scripts/digitalocean.py firewalls add-droplet \x3Cfw_id> \x3Cdroplet_id>
Migrate DNS to DigitalOcean
# 1. Add domain
python3 scripts/digitalocean.py dns create example.com
# 2. Add records
python3 scripts/digitalocean.py dns add example.com --type A --name @ --data 1.2.3.4
python3 scripts/digitalocean.py dns add example.com --type CNAME --name www --data example.com.
# 3. Update nameservers at registrar to:
# ns1.digitalocean.com
# ns2.digitalocean.com
# ns3.digitalocean.com
Direct API Access
For operations not covered by the script:
TOKEN=$(cat ~/.config/digitalocean/token)
curl -H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
https://api.digitalocean.com/v2/droplets
API Documentation
- Full API reference: https://docs.digitalocean.com/reference/api/
- API v2 base URL: https://api.digitalocean.com/v2/
Common Droplet Sizes
| Slug | vCPUs | RAM | Disk | Price/mo |
|---|---|---|---|---|
| s-1vcpu-512mb-10gb | 1 | 512MB | 10GB | $4 |
| s-1vcpu-1gb | 1 | 1GB | 25GB | $6 |
| s-1vcpu-2gb | 1 | 2GB | 50GB | $12 |
| s-2vcpu-2gb | 2 | 2GB | 60GB | $18 |
| s-2vcpu-4gb | 2 | 4GB | 80GB | $24 |
| s-4vcpu-8gb | 4 | 8GB | 160GB | $48 |
Common Regions
| Slug | Location |
|---|---|
| nyc1, nyc3 | New York |
| sfo3 | San Francisco |
| ams3 | Amsterdam |
| sgp1 | Singapore |
| lon1 | London |
| fra1 | Frankfurt |
| tor1 | Toronto |
| blr1 | Bangalore |
| syd1 | Sydney |
Usage Guidance
This skill appears to implement a legitimate DigitalOcean CLI, but metadata and documentation disagree about credentials and packaging — the SKILL.md and script expect an API token at ~/.config/digitalocean/token while the registry metadata lists no required credentials or config paths. Before installing or using it:
- Treat the repository as unverified (source/homepage unknown). Prefer official or well-known integrations when possible.
- Inspect scripts/digitalocean.py yourself (you already have it) for any unexpected network addresses or file accesses (none were found beyond the token file and the DigitalOcean API in this scan).
- Do not store a full-purpose account token unless you trust the skill; create a scoped API token with the minimal privileges needed (e.g., read-only or limited resource scopes), and rotate it after testing.
- Consider placing the token in a secure location you control (or pass via a process environment variable) and verify the file permissions (SKILL.md recommends chmod 600).
- If you plan to let an agent invoke this skill autonomously, be extra cautious: autonomous access plus an undeclared credential increases blast radius. Require explicit metadata that declares required credentials/config paths and confirm the token scope before enabling the skill.
If the owner can update the registry metadata to declare the API token/config path (or provide a safer credential flow), that would resolve the main inconsistency and increase confidence.
Capability Analysis
Type: OpenClaw Skill
Name: digitalocean
Version: 1.0.0
The OpenClaw AgentSkills bundle for DigitalOcean is benign. The `SKILL.md` provides clear, non-malicious instructions for managing DigitalOcean resources and properly guides the user on storing the API token. The `scripts/digitalocean.py` script correctly implements a CLI client for the DigitalOcean API, reading the token from the designated path (`~/.config/digitalocean/token`) and making requests exclusively to the official DigitalOcean API endpoint (api.digitalocean.com). There is no evidence of data exfiltration, malicious execution, persistence mechanisms, prompt injection attempts against the agent, or obfuscation.
Capability Assessment
Purpose & Capability
The name, description, SKILL.md and the included Python script all align: the code calls the official DigitalOcean API and implements droplets, DNS, firewalls, spaces, databases, billing, SSH keys, images, etc. There are no obvious unrelated capabilities (no calls to non-DigitalOcean endpoints). However the registry metadata claims 'instruction-only' / no install but does include a code file, which is an inconsistency (minor but worth noting).
Instruction Scope
SKILL.md instructs the agent (and the user) to store a DigitalOcean API token at ~/.config/digitalocean/token and to call the bundled script or the DigitalOcean API directly. The runtime instructions and script stay within the stated domain (DigitalOcean API). The instructions do not ask the agent to read unrelated system files or exfiltrate data to unexpected endpoints.
Install Mechanism
There is no install spec (no packages downloaded), which is low risk. But the package is not truly 'instruction-only' — it bundles scripts/digitalocean.py that will be executed locally. That mismatch is informational: the code is included and will run when invoked, but nothing is installed automatically.
Credentials
SKILL.md and the script require a DigitalOcean API token stored at ~/.config/digitalocean/token, yet the registry metadata declares no primary credential, required env vars, or required config paths. This omission is an inconsistency that matters: the skill does require a secret (API token) with potentially broad privileges, but that requirement is not declared in the metadata. Users should treat this as suspicious until the credential requirements are explicit. Also SKILL.md suggests 'Spaces (requires spaces key)' which implies additional credentials; the metadata does not reflect that either.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It only reads a token file from the user's home directory when invoked. Autonomous invocation (disable-model-invocation:false) is the platform default and not highlighted here; combined with the credential omission above it increases risk, but on its own this is normal.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install digitalocean - After installation, invoke the skill by name or use
/digitalocean - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
DigitalOcean API Skill initial release.
- Manage DigitalOcean resources: droplets, DNS, databases, object storage (Spaces), firewalls, load balancers, Kubernetes, and more.
- Includes authentication guide, API token setup instructions, and detailed quick reference commands for all supported resources.
- Supports common workflows such as server deployment and DNS migration.
- Provides lists of supported regions, droplet sizes, and DNS record types.
- Direct API access instructions included for advanced usage.
Metadata
Frequently Asked Questions
What is DigitalOcean?
Manage DigitalOcean resources via API — Droplets (create/destroy/resize/power), DNS zones and records, Spaces (object storage), Databases, Firewalls, Load Balancers, Kubernetes, and account/billing info. It is an AI Agent Skill for Claude Code / OpenClaw, with 1203 downloads so far.
How do I install DigitalOcean?
Run "/install digitalocean" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is DigitalOcean free?
Yes, DigitalOcean is completely free (open-source). You can download, install and use it at no cost.
Which platforms does DigitalOcean support?
DigitalOcean is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created DigitalOcean?
It is built and maintained by rexlunae (@rexlunae); the current version is v1.0.0.
More Skills