← Back to Skills Marketplace
insipidpoint

Cloudflare

by Shiwei Song · GitHub ↗ · v1.5.0
cross-platform ✓ Security Clean
1828
Downloads
1
Stars
9
Active Installs
6
Versions
Install in OpenClaw
/install cloudflare-toolkit
Description
Manage Cloudflare domains, DNS records, SSL settings, zone configuration, firewall rules, tunnels, and analytics via the Cloudflare API. Use when the user as...
README (SKILL.md)

Cloudflare

Manage Cloudflare zones, DNS, SSL, tunnels, and settings via the bundled scripts/cf.sh bash script.

Prerequisites

  • curl, jq, and openssl must be available on the system
  • Set CLOUDFLARE_API_TOKEN environment variable
  • Optionally set CLOUDFLARE_ACCOUNT_ID for tunnel operations

CLI: scripts/cf.sh

All operations go through the bundled scripts/cf.sh bash script (included in this skill). No external downloads needed.

# Run from skill directory
./scripts/cf.sh \x3Ccommand> [args...]
# Or reference by absolute path
/path/to/skills/cloudflare/scripts/cf.sh \x3Ccommand> [args...]

Commands

Command Args Description
help Show all commands
verify Verify API token is valid
zones [domain] List zones (optionally filter by domain name)
zone-get \x3Czone_id> Get zone details
zone-id \x3Cdomain> Get zone ID from domain name
dns-list \x3Czone_id> [type] [name] List DNS records
dns-create \x3Czone_id> \x3Ctype> \x3Cname> \x3Ccontent> [proxied] [ttl] Create DNS record
dns-update \x3Czone_id> \x3Crecord_id> \x3Ctype> \x3Cname> \x3Ccontent> [proxied] [ttl] Update DNS record
dns-delete \x3Czone_id> \x3Crecord_id> Delete DNS record
dns-export \x3Czone_id> Export all records as JSON
dns-import \x3Czone_id> \x3Cfile.json> Import records from JSON
settings-list \x3Czone_id> List all zone settings
setting-get \x3Czone_id> \x3Csetting> Get specific setting
setting-set \x3Czone_id> \x3Csetting> \x3Cvalue> Update a setting
ssl-get \x3Czone_id> Get current SSL mode
ssl-set \x3Czone_id> \x3Cmode> Set SSL mode (off/flexible/full/strict)
cache-purge \x3Czone_id> [url1 url2 ...] Purge specific URLs or everything
pagerules-list \x3Czone_id> List page rules
firewall-list \x3Czone_id> List firewall rules
tunnels-list List Cloudflare Tunnels (needs ACCOUNT_ID)
tunnel-get \x3Ctunnel_id> Get tunnel details
tunnel-create \x3Cname> Create a tunnel (needs ACCOUNT_ID)
tunnel-delete \x3Ctunnel_id> Delete a tunnel (needs ACCOUNT_ID)
analytics \x3Czone_id> [since_minutes] Zone analytics (default: last 24h)

Proxied flag

  • true — orange cloud, traffic through Cloudflare (CDN, WAF, DDoS)
  • false — grey cloud, DNS-only (use for MX, non-HTTP services)

TTL

  • 1 = automatic (Cloudflare-managed)
  • Set explicit seconds for DNS-only records (e.g., 3600)

Typical workflows

Point domain to server

# Find zone ID
cf zones example.com
# Create A record (proxied)
cf dns-create \x3Czone_id> A example.com 1.2.3.4 true
# Create www CNAME
cf dns-create \x3Czone_id> CNAME www.example.com example.com true

Set up email (MX + SPF)

cf dns-create \x3Czone_id> MX example.com "mx.provider.com" false 1
cf dns-create \x3Czone_id> TXT example.com "v=spf1 include:provider.com ~all" false

Enable strict SSL

cf ssl-set \x3Czone_id> strict

Safety rules

Always confirm with the user before:

  • Deleting DNS records (dns-delete)
  • Changing SSL mode
  • Modifying firewall rules
  • Any destructive operation

Safe to do freely:

  • Listing/reading zones, records, settings, analytics
  • Verifying token

Reference

For DNS record types, SSL modes, and API details: see references/api-guide.md

Usage Guidance
This skill appears to do what it says, but take these practical precautions before enabling it: 1) Use a least-privilege Cloudflare API token (give only the permissions needed, e.g., Zone:DNS:Edit for DNS tasks); 2) When running dns-import, only supply JSON files you trust (the script will read the file you point to); 3) Be aware curl is called with the Authorization header — the token is sent to api.cloudflare.com (as expected) and may appear briefly in process listings while curl runs; 4) Confirm any destructive actions (dns-delete, cache-purge, tunnel-delete, SSL/setting changes) before execution — the SKILL.md already advises this; 5) If you need tunnels, set CLOUDFLARE_ACCOUNT_ID and consider rotating tunnel secrets as needed. If you want higher assurance, review the included scripts/cf.sh yourself to verify there are no additional network endpoints or logging behaviors beyond api.cloudflare.com.
Capability Analysis
Type: OpenClaw Skill Name: cloudflare-toolkit Version: 1.5.0 The skill bundle is classified as benign. The `scripts/cf.sh` script securely interacts with the Cloudflare API, using `jq -n --arg` for robust input sanitization to prevent shell injection into JSON payloads, and `openssl rand` for secure secret generation. All network calls are directed to the official Cloudflare API. The `SKILL.md` explicitly includes 'Safety rules' instructing the AI agent to confirm destructive operations with the user, which is a strong defense against prompt injection and demonstrates an intent for safe operation. While the skill provides powerful administrative capabilities (e.g., deleting DNS records, creating tunnels), these are aligned with its stated purpose of Cloudflare management, and the implementation lacks any evidence of vulnerabilities, data exfiltration, malicious execution, or persistence mechanisms.
Capability Assessment
Purpose & Capability
Name/description (Cloudflare domain/DNS/SSL/tunnel management) lines up with what is requested and provided: the script calls api.cloudflare.com and uses CLOUDFLARE_API_TOKEN (primary credential). Required binaries (curl, jq, openssl) are appropriate for HTTP calls, JSON processing, and generating secrets for tunnels.
Instruction Scope
SKILL.md instructs the agent to use the included scripts/cf.sh for all operations. The script performs only Cloudflare API calls, lists/manipulates DNS, settings, tunnels, analytics, and reads an import file only when the dns-import command is invoked. The SKILL.md documents destructive operations and says to confirm with the user before performing them.
Install Mechanism
No install spec or external downloads; the skill is instruction-only with a bundled script. Nothing is fetched from untrusted URLs and no archives are extracted.
Credentials
Only CLOUDFLARE_API_TOKEN is required (CLOUDFLARE_ACCOUNT_ID is optional for tunnel ops). These credentials are proportionate and directly relevant to Cloudflare management. No unrelated secrets or system config paths are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system settings, and contains no installation step that persists beyond its own files. Autonomous invocation is allowed by default but is not combined with other concerning factors here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cloudflare-toolkit
  3. After installation, invoke the skill by name or use /cloudflare-toolkit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.5.0
Fix: use correct metadata.openclaw format for primaryEnv and requires (env, bins)
v1.4.0
Fix: declare env vars and bin prerequisites in standard frontmatter schema (primaryEnv, requires.env, requires.bins)
v1.3.0
Fix: rename scripts/cf to scripts/cf.sh so ClawHub packaging includes the script
v1.2.0
Fix ClawHub security scan: declare env vars in metadata, clarify bundled script inclusion, remove extraneous README
v1.1.0
Add zone-id lookup, cache-purge, tunnel create/delete, dns export/import, help command, README
v1.0.0
Initial release of cloudflare-toolkit skill. - Manage Cloudflare domains, DNS records, SSL settings, zone configuration, firewall rules, tunnels, and analytics via the Cloudflare API. - Provides a CLI (`cf` script) to perform operations like creating, updating, listing, and deleting DNS records, configuring SSL, managing domains/zones, and viewing analytics. - Supports workflows such as setting up domains, configuring email DNS, and enabling strict SSL. - Includes safety confirmation steps for destructive actions (like deleting DNS or changing SSL). - Requires environment variables for API authentication (`CLOUDFLARE_API_TOKEN`, `CLOUDFLARE_ACCOUNT_ID`).
Metadata
Slug cloudflare-toolkit
Version 1.5.0
License
All-time Installs 9
Active Installs 9
Total Versions 6
Frequently Asked Questions

What is Cloudflare?

Manage Cloudflare domains, DNS records, SSL settings, zone configuration, firewall rules, tunnels, and analytics via the Cloudflare API. Use when the user as... It is an AI Agent Skill for Claude Code / OpenClaw, with 1828 downloads so far.

How do I install Cloudflare?

Run "/install cloudflare-toolkit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cloudflare free?

Yes, Cloudflare is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Cloudflare support?

Cloudflare is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Cloudflare?

It is built and maintained by Shiwei Song (@insipidpoint); the current version is v1.5.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments