← 返回 Skills 市场
754
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install namecheap-dns
功能描述
Manage Namecheap DNS records safely by fetching existing entries, merging changes, auto-backing up, previewing diffs, dry-running, and rolling back updates.
安全使用建议
This skill appears to implement a legitimate Namecheap DNS helper, but the metadata published with the skill is incomplete. Before installing or running it: (1) expect to set NAMECHEAP_API_KEY, NAMECHEAP_USERNAME, and NAMECHEAP_API_USER in your environment — the script will exit without them; (2) ensure the host has 'dig' (the script calls dig via execSync) and you understand npm install will pull dependencies into the skill folder; (3) Namecheap requires your client IP to be whitelisted — the script queries https://ifconfig.me/ip to obtain your IP and sends it to the API; (4) backups are written to disk (default skill/backups or configurable via NAMECHEAP_BACKUP_DIR) so verify the storage location and permissions; (5) review package.json/package-lock.json (axios and common deps) and audit/install in a controlled environment if you don't trust the source. The primary issue is inconsistency between what the skill actually requires and what the registry metadata declares — if you intend to use it, request the publisher correct the metadata or confirm the required env vars and the need for 'dig' before proceeding.
功能分析
Type: OpenClaw Skill
Name: namecheap-dns
Version: 1.1.0
The skill's stated purpose and overall design are benign, aiming to provide a safer wrapper for Namecheap DNS management. However, the `namecheap-dns.js` script contains a shell injection vulnerability. User-controlled inputs (`fullDomain` and `sub`) are directly interpolated into `execSync` calls for the `dig` command (e.g., `execSync(`dig +short ${fullDomain} ${type}`)`). This lack of input sanitization could allow an attacker to execute arbitrary commands if they can control the domain argument, making it a critical vulnerability, but not evidence of intentional malicious behavior.
能力评估
Purpose & Capability
The skill's stated purpose (managing Namecheap DNS) legitimately requires Namecheap API credentials and network access to Namecheap; the code indeed requires NAMECHEAP_API_KEY, NAMECHEAP_USERNAME and NAMECHEAP_API_USER. However the registry metadata declares no required environment variables or primary credential — that's an inconsistency that could mislead users about what secrets are needed. Additionally the code runs system 'dig' commands but the declared required binaries only list node and npm, not dig.
Instruction Scope
SKILL.md instructs the user to run npm install and set NAMECHEAP_* env vars, and the script performs network calls (Namecheap API and https://ifconfig.me/ip) and executes system 'dig' via execSync to enumerate live DNS. Those actions are within the DNS-management purpose, but they reference system binaries (dig) and an external IP service that are not reflected in the registry metadata. The script also writes backup files to disk (defaulting to a backups directory under the skill) and will abort if required env vars are missing.
Install Mechanism
There is no automated install spec in the registry (instruction-only), but the package.json and package-lock.json are included and SKILL.md tells users to run npm install in the skill directory. That is a reasonable manual install approach, but users should be aware that running npm install will write node_modules to disk and pull third-party packages (axios and its dependencies).
Credentials
The code requires NAMECHEAP_API_KEY, NAMECHEAP_USERNAME, and NAMECHEAP_API_USER (and optionally NAMECHEAP_BACKUP_DIR and DEBUG) — but the registry metadata lists no required env vars or primary credential. Requesting API keys is proportionate to the stated purpose, but the missing declaration is an important mismatch. The script also retrieves the public IP from ifconfig.me (to send to Namecheap for whitelisting).
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It writes backups to its own backup directory (default relative to the skill or configurable via NAMECHEAP_BACKUP_DIR). It uses execSync to run dig but that is local execution within the skill's scope. Autonomous invocation is allowed (platform default) but is not combined here with other high-risk flags.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install namecheap-dns - 安装完成后,直接呼叫该 Skill 的名称或使用
/namecheap-dns触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Added verify command for ghost record detection, automatic safety checks before destructive operations, DNS snapshots in backups, configurable backup directory
v1.0.0
Initial release: safe DNS record management with fetch-merge-write, dry-run, auto-backups, rollback
元数据
常见问题
Namecheap DNS 是什么?
Manage Namecheap DNS records safely by fetching existing entries, merging changes, auto-backing up, previewing diffs, dry-running, and rolling back updates. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 754 次。
如何安装 Namecheap DNS?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install namecheap-dns」即可一键安装,无需额外配置。
Namecheap DNS 是免费的吗?
是的,Namecheap DNS 完全免费(开源免费),可自由下载、安装和使用。
Namecheap DNS 支持哪些平台?
Namecheap DNS 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Namecheap DNS?
由 jarekbird(@jarekbird)开发并维护,当前版本 v1.1.0。
推荐 Skills