← 返回 Skills 市场
Domain Dns Ops
作者
Peter Steinberger
· GitHub ↗
· v1.0.0
3269
总下载
12
收藏
11
当前安装
1
版本数
在 OpenClaw 中安装
/install domain-dns-ops
功能描述
Domain/DNS ops across Cloudflare, DNSimple, Namecheap for Peter. Use for onboarding zones to Cloudflare, flipping nameservers, setting redirects (Page Rules/Rulesets/Workers), updating redirect-worker mappings, and verifying DNS/HTTP. Source of truth: ~/Projects/manager.
使用说明 (SKILL.md)
Domain/DNS Ops (Peter)
This skill is a thin router: use ~/Projects/manager as truth, run the repo scripts, follow the checklists.
Source of truth (read first)
~/Projects/manager/DOMAINS.md(domain -> target map; registrar hints; exclusions)~/Projects/manager/DNS.md(Cloudflare onboarding + DNS/redirect checklist)~/Projects/manager/redirect-worker.ts+~/Projects/manager/redirect-worker-mapping.md(worker redirects)
Golden path (new vanity domain -> Cloudflare -> redirect)
- Decide routing model
- Page Rule redirect (small scale, per-zone).
- Rulesets / Bulk Redirects (account-level; needs token perms).
- Worker route (fallback; uses
redirect-worker).
- Cloudflare zone
- Create zone (UI), then confirm with
cli4:cli4 --get name=example.com /zones
- Create zone (UI), then confirm with
- Nameservers
- If registrar = Namecheap:
cd ~/Projects/manager && source profile && bin/namecheap-set-ns example.com emma.ns.cloudflare.com scott.ns.cloudflare.com - If registrar = DNSimple: see
~/Projects/manager/DNS.mdfor delegation API notes.
- If registrar = Namecheap:
- DNS placeholders (so CF can terminate HTTPS)
- Proxied apex
A+ wildcardA→192.0.2.1(see~/Projects/manager/DNS.mdfor exactcli4calls).
- Proxied apex
- Redirect
- If using Page Rules: use the
cli4 --post ... /pagerulestemplate from~/Projects/manager/DNS.md. - If using Worker: update mapping (
~/Projects/manager/redirect-worker-mapping.md), deploy/bind routes per~/Projects/manager/DNS.md.
- If using Page Rules: use the
- Verify
- DNS:
dig +short example.com @1.1.1.1(expect CF anycast). - HTTPS redirect:
curl -I https://example.com(expect301).
- DNS:
Common ops
- Cloudflare token sanity:
source ~/.profile(preferCLOUDFLARE_API_TOKEN;CF_API_TOKENfallback). - Disable “Block AI bots”:
cd ~/Projects/manager && source profile && bin/cloudflare-ai-bots status/bin/cloudflare-ai-bots disable.
After edits (commit/push)
If you changed anything in ~/Projects/manager (docs, worker, scripts, mappings): commit there too.
- Review:
cd ~/Projects/manager && git status && git diff - Stage:
git add \x3Cpaths> - Commit (Conventional Commits):
git commit -m "feat: …"/fix:/docs:/chore: - Push only when explicitly asked:
git push origin main
Guardrails
- Don’t touch
.mdlore domains orsteipete.mdunless explicitly asked; check~/Projects/manager/DOMAINS.md. - Confirm registrar before debugging CF “invalid nameservers” (often “wrong registrar”).
- Prefer reversible steps; verify after each change (NS → DNS → redirect).
安全使用建议
This skill appears to do what it says (manage DNS and Cloudflare for a personal repo), but its metadata fails to declare the local paths, CLI tools, and API tokens the instructions use. Before installing or allowing autonomous use: 1) Confirm ~/Projects/manager exists and review every script it calls (bin/*, redirect-worker, profile) so you know what will run and what secrets those scripts read. 2) Require the skill metadata be updated to declare required env vars (CLOUDFLARE_API_TOKEN, CF_API_TOKEN, and any Namecheap/DNSimple creds) and required binaries (cli4, rg, dig, curl, git) so approvals are informed. 3) Limit the agent to user-invoked only (disable autonomous invocation) until you trust it, and disallow automatic git push or nameserver flips without explicit human confirmation. 4) Use least-privilege tokens scoped to only the needed Cloudflare/registrar operations, and rotate tokens after testing. If you cannot review the referenced repo scripts and the profile file, treat this skill as high-risk and do not enable it for autonomous runs.
功能分析
Type: OpenClaw Skill
Name: domain-dns-ops
Version: 1.0.0
The skill is classified as suspicious due to its reliance on executing arbitrary local scripts (`~/Projects/manager/bin/*`) and sourcing local files (`~/Projects/manager/profile`, `~/.profile`) whose contents are not provided. While these actions are plausibly needed for the stated purpose of 'Domain/DNS ops' and managing a local Git repository, they introduce a significant trust boundary. The `SKILL.md` also instructs the agent to handle sensitive Cloudflare API tokens and perform `git push` operations, which are high-risk capabilities, even if the instructions themselves do not explicitly direct malicious behavior.
能力评估
Purpose & Capability
The name/description (Cloudflare, DNSimple, Namecheap ops) is coherent with the runtime instructions, but the skill metadata declares no required binaries, no env vars, and no config paths while the instructions repeatedly rely on local repo scripts (~/Projects/manager), CLI tools (cli4, rg), and environment tokens. The absence of these declarations is a mismatch: a domain ops skill legitimately needs access to API tokens and repo scripts, so the metadata should list them.
Instruction Scope
SKILL.md directs the agent to read and run from the user's home repo (~/Projects/manager), source profiles (~/.profile and ./profile), run repo bin scripts (bin/namecheap-set-ns, bin/cloudflare-ai-bots), call cli4, run dig/curl, and run git commands. These are expected for DNS ops, but they involve reading local files and environment variables and executing actions that can modify DNS, push commits, or change nameservers. The instructions also reference tokens (CLOUDFLARE_API_TOKEN / CF_API_TOKEN) even though the skill metadata doesn't declare them.
Install Mechanism
No install spec (instruction-only) — lowers installer risk because nothing is written by the skill package itself. However, the skill assumes pre-existing local tooling and a personal repo; the security surface is the user's environment rather than installed package files.
Credentials
The skill metadata lists no required environment variables, but SKILL.md explicitly instructs the agent to prefer CLOUDFLARE_API_TOKEN (with CF_API_TOKEN fallback) and relies on credentials in ~/Projects/manager/profile for Namecheap / DNSimple. This omission is significant: the skill will access sensitive tokens and profile files without those credentials being declared, making it unclear what secrets the agent will read or require.
Persistence & Privilege
always:false (good). The skill is user-invocable and allows autonomous invocation (platform default). While that alone is normal, autonomous execution combined with the instruction-level access to local tokens and repo scripts increases blast radius — an agent invoked without careful limits could run commands that touch DNS, commit/push code, or reveal secrets.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install domain-dns-ops - 安装完成后,直接呼叫该 Skill 的名称或使用
/domain-dns-ops触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
元数据
常见问题
Domain Dns Ops 是什么?
Domain/DNS ops across Cloudflare, DNSimple, Namecheap for Peter. Use for onboarding zones to Cloudflare, flipping nameservers, setting redirects (Page Rules/Rulesets/Workers), updating redirect-worker mappings, and verifying DNS/HTTP. Source of truth: ~/Projects/manager. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 3269 次。
如何安装 Domain Dns Ops?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install domain-dns-ops」即可一键安装,无需额外配置。
Domain Dns Ops 是免费的吗?
是的,Domain Dns Ops 完全免费(开源免费),可自由下载、安装和使用。
Domain Dns Ops 支持哪些平台?
Domain Dns Ops 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Domain Dns Ops?
由 Peter Steinberger(@steipete)开发并维护,当前版本 v1.0.0。
推荐 Skills