Ovh

Manage OVHcloud services via API. Use when user asks about OVH domains, DNS records, VPS, cloud instances, dedicated servers, email, SSL certificates, or any OVH service management. Supports listing, creating, updating, and deleting resources.

This skill appears to implement what it claims (it calls only OVH API endpoints), but the package metadata incorrectly omits the required OVH environment variables. Before installing: (1) Review and trust the script source (scripts/ovh-cli.py is included and readable). (2) Create a dedicated OVH consumer key with as-limited permissions as possible (prefer read-only or narrowly scoped write perms for the specific operations you need). (3) Do not supply account-wide or admin-level keys; test first with read-only commands like 'me', 'domains', 'dns <domain>' before performing creates/deletes/reboots. (4) Be cautious if allowing autonomous agent invocation: the agent could call destructive operations using the provided credentials. (5) Ask the publisher to update registry metadata to declare the required environment variables and document recommended minimal scopes — if they cannot, treat the omission as a sign of sloppy packaging and proceed only after manual review.

Type: OpenClaw Skill Name: ovh Version: 1.0.0 The OpenClaw AgentSkill for OVHcloud services is classified as benign. The `ovh-cli.py` script securely retrieves OVH API credentials from environment variables and uses the legitimate `ovh` Python library to interact with the OVH API. All operations, including DNS management and server control, are directly aligned with the stated purpose of managing OVH services. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts in the `SKILL.md` or the Python script. While the skill grants access to powerful cloud management actions, these are inherent to its stated purpose and do not indicate malicious intent from the skill itself.