← 返回 Skills 市场

Cloudflare Dns Updater

Name: Cloudflare Dns Updater
Author: xieyuanqing

作者 xieyuanqing · GitHub ↗ · v0.1.1

cross-platform ⚠ suspicious

1689

总下载

当前安装

版本数

在 OpenClaw 中安装

/install cloudflare-dns-updater

功能描述

Creates or updates a proxied Cloudflare DNS A record. Use when you need to programmatically point a subdomain to an IP address. Takes record name, zone name, and IP address as input.

使用说明 (SKILL.md)

Cloudflare DNS Updater

This skill creates or updates a Cloudflare DNS 'A' record, pointing it to a specified IP address and ensuring it is proxied. It is a foundational tool for automating service deployment and DNS management.

Pre-requisites

This skill requires the CLOUDFLARE_API_TOKEN environment variable to be set with a valid Cloudflare API Token that has DNS edit permissions.

The model should verify this prerequisite before attempting to use the skill. If the variable is not set, it should inform the user and stop.

Core Action: `scripts/update-record.py`

The core logic is handled by the update-record.py script.

Inputs (Command-Line Arguments)

--zone: (Required) The root domain name. Example: example.com
--record: (Required) The name of the record (subdomain). Use @ for the root domain itself. Example: www
--ip: (Required) The IPv4 address to point the record to.
--proxied: (Optional) Boolean (true or false) to set the Cloudflare proxy status. Defaults to true.

Output

The script will print its progress to stdout.

On success, it prints a confirmation message and a JSON object of the created/updated record.
On failure, it prints a descriptive error message to stderr and exits with a non-zero status code.

Execution Workflow

To use this skill, follow these steps:

Verify Prerequisites: Check if the CLOUDFLARE_API_TOKEN environment variable is set. If not, notify the user and abort.
Gather Inputs: From the user's request, identify the zone, record name, and target ip.
Construct Command: Build the full shell command to execute the script.
Execute Command: Run the command using the exec tool.
Report Result:
- If the command succeeds, report the successful creation or update to the user.
- If the command fails, analyze the error message from stderr and report the issue to the user in a clear, understandable way.

Example Usage

User Request: "Point www.example.com to the server's public IP."

AI's Thought Process:

The user wants to update a DNS record on Cloudflare. The cloudflare-dns-updater skill is perfect for this.
I will use the update-record.py script.
I need the zone, record name, and IP.
- Zone: example.com
- Record: www
- IP: I need to find the server's public IP first. I can use curl -s https://ipv4.icanhazip.com/.
I will first get the IP, then construct the final command.
I will execute the command and report the outcome.

AI's Actions:

# Step 1: Get IP
PUBLIC_IP=$(curl -s https://ipv4.icanhazip.com/)

# Step 2: Run the skill's script
python3 skills/cloudflare-dns-updater/scripts/update-record.py \
  --zone "example.com" \
  --record "www" \
  --ip "$PUBLIC_IP"

Failure Strategy

If CLOUDFLARE_API_TOKEN is not set: Do not attempt to run the script. Inform the user that the required environment variable is missing and needs to be configured by the administrator.
If the script exits with an error: Read the error message from stderr. Common errors include invalid API token, incorrect zone name, or insufficient permissions. Report the specific error to the user.

安全使用建议

This skill's code and documentation implement a normal Cloudflare DNS updater, but the registry metadata omitted the required CLOUDFLARE_API_TOKEN. Before installing or using it: 1) Confirm you can provide a CLOUDFLARE_API_TOKEN (set it in the environment) and verify the token is scoped with the minimum permissions (prefer zone-scoped DNS edit rights rather than a full account token). 2) Understand the agent will make outbound requests to Cloudflare and (optionally) to https://ipv4.icanhazip.com/ to detect public IP — run it in a network environment where those calls are acceptable. 3) Review the included script yourself (it is short and readable) and consider rotating the token after testing. 4) If you rely on registry metadata for automated policy enforcement, update it to declare CLOUDFLARE_API_TOKEN so the requirement isn't missed. If you cannot provide a properly-scoped token or cannot accept outbound network calls, do not enable the skill.

功能分析

Type: OpenClaw Skill Name: cloudflare-dns-updater Version: 0.1.1 The skill is classified as suspicious due to the explicit instruction in `SKILL.md` for the AI agent to execute an external shell command (`curl -s https://ipv4.icanhazip.com/`). While this command is benign and serves the stated purpose of dynamically obtaining an IP address for DNS updates, it demonstrates a capability for the agent to execute arbitrary shell commands based on skill instructions, which represents a significant prompt injection vector. The `scripts/update-record.py` itself securely handles the `CLOUDFLARE_API_TOKEN` and only interacts with `api.cloudflare.com`.

能力评估

ℹ Purpose & Capability

The name/description match the included Python script: behavior is to create/update Cloudflare A records. Requiring python3 and the requests library is appropriate. However, the registry metadata lists no required environment variables or primary credential, while the SKILL.md and script explicitly require CLOUDFLARE_API_TOKEN; this metadata omission is inconsistent and worth flagging.

✓ Instruction Scope

SKILL.md confines actions to: check for CLOUDFLARE_API_TOKEN, collect zone/record/IP, optionally fetch the host's public IP via https://ipv4.icanhazip.com/, and run the included script. There is no instruction to read unrelated files or exfiltrate data to unexpected endpoints. The external call to icanhazip is reasonable for discovering a public IP but is an external network operation the user should be aware of.

✓ Install Mechanism

This is an instruction-only skill with a bundled Python script and a small requirements.txt (requests). No network downloads or archive extraction during install are required, which is low risk.

⚠ Credentials

The script and SKILL.md require CLOUDFLARE_API_TOKEN (a sensitive credential) but the registry metadata does not declare it as a required env var or primary credential. That mismatch is concerning because automated tooling or users may not realize a secret must be supplied. The requested token is proportionate for DNS edits, but you should confirm the token's permissions (use least privilege / zone-scoped token).

✓ Persistence & Privilege

The skill does not request always: true, does not modify other skills or system-wide settings, and is user-invocable. It requires only runtime invocation to execute the script.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install cloudflare-dns-updater
安装完成后，直接呼叫该 Skill 的名称或使用 /cloudflare-dns-updater 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.1

Security fix: Anonymized all examples in SKILL.md to remove private information.

v0.1.0

Initial release – Automate Cloudflare DNS A record creation or update - Adds a skill to programmatically create or update proxied Cloudflare DNS A records for a given zone and subdomain. - Requires a valid CLOUDFLARE_API_TOKEN with DNS edit permissions to be set in the environment. - Accepts `zone`, `record`, and `ip` as inputs, with optional control over proxying. - Informs the user of prerequisites, command execution progress, and any errors in a clear, actionable way.

元数据

Slug cloudflare-dns-updater

版本 0.1.1

许可证 —

累计安装 6

当前安装数 6

历史版本数 2

常见问题