1999azzar

Cloudflare Manager

by azzar budiyanto · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
Downloads: 1369
Stars: 0
Active Installs: 7
Versions: 4
Install in OpenClaw
/install cloudflare-manager
Description
Manage Cloudflare DNS records, Tunnels (cloudflared), and Zero Trust policies. Use for pointing domains, exposing local services via tunnels, and updating in...
README (SKILL.md)

Cloudflare Manager

Standardized system for managing Cloudflare infrastructure and local tunnel ingress.

Prerequisites

  • Binary: python3 and cloudflared must be installed.
  • Credentials: CLOUDFLARE_API_TOKEN (minimal Zone permissions) and CLOUDFLARE_ZONE_ID.

Setup

  1. Define credentials in the environment or a local .env file.
  2. Initialize the local environment: bash scripts/install.sh.

Core Workflows

1. DNS Management

Add, list, or delete DNS records via Cloudflare API.

  • List: python3 $WORKSPACE/skills/cloudflare-manager/scripts/cf_manager.py list-dns
  • Add: python3 $WORKSPACE/skills/cloudflare-manager/scripts/cf_manager.py add-dns --type A --name <subdomain> --content <ip>

2. Tunnel Ingress (Local)

Update /etc/cloudflared/config.yml and restart the tunnel service.

  • Update: python3 $WORKSPACE/skills/cloudflare-manager/scripts/cf_manager.py update-ingress --hostname <host> --service <url>
  • Safety: Use --dry-run to preview configuration changes before application.

Security & Permissions

  • Sudo Usage: The update-ingress command requires sudo to write to system directories and restart the cloudflared service.
  • Least Privilege: Configure restricted sudo access using the pattern in references/sudoers.example.
  • Token Isolation: Ensure API tokens are scoped narrowly to specific zones and permissions.

Reference

Usage Guidance
This skill appears to do what it says (manage Cloudflare DNS and cloudflared ingress) and installs only Python dependencies into a local virtualenv, but it will attempt privileged operations on the host: editing /etc/cloudflared/config.yml and restarting the cloudflared systemd service via sudo. Before installing or running:
  1. Verify CLOUDFLARE_API_TOKEN is scoped to the minimum necessary permissions and intended zone.
  2. Inspect scripts/cf_manager.py yourself and run commands with --dry-run to preview changes.
  3. Confirm cloudflared is installed and CONFIG_PATH (/etc/cloudflared/config.yml) is correct for your system.
  4. Because the tool uses sudo, create a restricted sudoers rule (the docs reference a sudoers.example, but that file is not included) limiting the allowed commands (e.g., tee /etc/cloudflared/config.yml and systemctl restart cloudflared).
  5. Run the install script in a safe environment to create the venv and review packages installed.
If you need tighter assurance, request the missing sudoers.example and explicit Zero Trust policy management details from the author.
Capability Analysis
Type: OpenClaw Skill
Name: cloudflare-manager
Version: 1.1.0
The skill is classified as suspicious due to significant vulnerabilities, primarily in `scripts/cf_manager.py`. The `update_ingress` function directly inserts user-provided `hostname` and `service` arguments into the `/etc/cloudflared/config.yml` file without sanitization. This creates a high risk of command injection or YAML injection if the `cloudflared` binary or its YAML parser can be exploited by crafted input, potentially leading to arbitrary code execution. Additionally, the skill explicitly requires and uses `sudo` for reading/writing system configuration files (`/etc/cloudflared/config.yml`) and restarting the `cloudflared` service, which, if `sudoers` is not configured with strict least privilege as advised in `SKILL.md`, presents a privilege escalation vulnerability.
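One way to close the unsanitized-input gap described above is to allowlist-validate both arguments before anything is written and to emit them as quoted scalars. This is an added example, not code from scripts/cf_manager.py; the function names and the scheme allowlist are assumptions made for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Hypothetical helpers for illustration; not taken from scripts/cf_manager.py.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"(?:\*\.)?{_LABEL}(?:\.{_LABEL})+")  # optional wildcard
_UNSAFE = re.compile(r"[\x00-\x20\x7f]")            # control chars and whitespace
_SCHEMES = {"http", "https", "tcp", "ssh", "rdp"}   # assumed allowlist
_STATUS = re.compile(r"http_status:[1-5][0-9]{2}")


def validate_hostname(hostname: str) -> str:
    # fullmatch() rejects embedded or trailing newlines, spaces and colons.
    if len(hostname) > 253 or not _HOSTNAME.fullmatch(hostname):
        raise ValueError(f"invalid hostname: {hostname!r}")
    return hostname.lower()


def validate_service(service: str) -> str:
    # Check the raw string first: urlsplit() silently strips tabs and newlines.
    if _UNSAFE.search(service):
        raise ValueError(f"whitespace or control character in service: {service!r}")
    if _STATUS.fullmatch(service):
        return service
    parts = urlsplit(service)
    if parts.scheme not in _SCHEMES or not parts.hostname:
        raise ValueError(f"service scheme or host not allowed: {service!r}")
    if "@" in parts.netloc or parts.query or parts.fragment:
        raise ValueError(f"userinfo, query or fragment not allowed: {service!r}")
    parts.port  # property access raises ValueError on a malformed port
    return service


def render_ingress_rule(hostname: str, service: str) -> str:
    h, s = validate_hostname(hostname), validate_service(service)
    # JSON strings are valid YAML double-quoted scalars, so values stay quoted.
    return f"- hostname: {json.dumps(h)}\n  service: {json.dumps(s)}\n"


def is_acceptable(hostname: str, service: str) -> bool:
    try:
        render_ingress_rule(hostname, service)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample input.
    print(render_ingress_rule("app.example.com", "http://localhost:8080"), end="")
```

The scheme allowlist is deliberately narrower than what cloudflared accepts; widen it only for service types you actually use.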
Capability Assessment
Purpose & Capability
Name, description, required binaries (python3, cloudflared), and required env vars (CLOUDFLARE_API_TOKEN, CLOUDFLARE_ZONE_ID) align with a Cloudflare DNS/tunnel manager. Minor mismatch: the description mentions 'Zero Trust policies' but the CLI implements DNS, zone settings (update_setting), and ingress updates; there is no explicit high-level Zero Trust policy management surface in the code.
Instruction Scope
SKILL.md and cf_manager.py stick to Cloudflare API calls and editing cloudflared config. However, the runtime instructions and script will read/write /etc/cloudflared/config.yml and restart the cloudflared systemd service using sudo. The docs reference references/sudoers.example for least-privilege sudo configuration, but that file is not present in the provided manifest — an inconsistency to resolve. The SKILL.md also uses $WORKSPACE paths which may not exist in all runtimes.
Install Mechanism
Install is local: scripts/install.sh creates a virtualenv and pip-installs 'requests' and 'PyYAML' from requirements.txt. No remote, arbitrary archive downloads or obscure third-party installers are used.
Credentials
Only Cloudflare credentials are required (CLOUDFLARE_API_TOKEN, CLOUDFLARE_ZONE_ID). The script also accepts CF_API_TOKEN / CF_ZONE_ID as fallbacks, which is reasonable. No unrelated credentials or broad secrets are requested.
Persistence & Privilege
The skill is not always-enabled and does not demand persistent platform privileges. It does, however, require sudo to update system config and restart cloudflared for the 'update-ingress' workflow — a legitimate need for this functionality but high-privilege. Ensure sudo is scoped tightly (the SKILL.md suggests this) before allowing these operations.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cloudflare-manager
  3. After installation, invoke the skill by name or use /cloudflare-manager
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Addressed audit findings: declared env requirements (API Token, Zone ID), verified manifest inclusion of sudoers.example, and standardized metadata.
v1.0.2
  • Added installation instructions for Python dependencies and a setup script.
  • Introduced requirements.txt and install.sh for streamlined environment setup.
  • Updated usage examples to use the local virtual environment Python.
  • Enhanced security guidance: now references a sample sudoers file for tighter privilege control.
v1.0.1
Version 1.0.1
  • Updated configuration instructions to specify required environment variables: CLOUDFLARE_API_TOKEN and CLOUDFLARE_ZONE_ID, with legacy support for CF_API_TOKEN and CF_ZONE_ID.
  • Added a detailed section for command-line usage of scripts/cf_manager.py, including syntax, options, and practical examples.
  • Clarified security requirements, including API token permissions and sudo access for privileged commands.
  • Added guidance on using the --dry-run option to safely preview configuration changes.
  • Improved documentation structure and clarity for setup and operation.
v1.0.0
Cloudflare Manager 1.0.0 initial release:
  • Manage Cloudflare DNS records (add, edit, delete A/CNAME).
  • Set up and configure Cloudflare Tunnels using cloudflared.
  • Manage Zero Trust security policies, including Access and WAF rules.
  • Provides setup instructions and security best practices.
  • Outputs commands or API requests for cloud operations.
Metadata
Slug cloudflare-manager
Version 1.1.0
License
All-time Installs 7
Active Installs 7
Total Versions 4
Frequently Asked Questions

What is Cloudflare Manager?

Manage Cloudflare DNS records, Tunnels (cloudflared), and Zero Trust policies. Use for pointing domains, exposing local services via tunnels, and updating in... It is an AI Agent Skill for Claude Code / OpenClaw, with 1369 downloads so far.

How do I install Cloudflare Manager?

Run "/install cloudflare-manager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cloudflare Manager free?

Yes, Cloudflare Manager is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Cloudflare Manager support?

Cloudflare Manager is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Cloudflare Manager?

It is built and maintained by azzar budiyanto (@1999azzar); the current version is v1.1.0.
