← Back to Skills Marketplace
ystemsrx

CF Share

by Sixteen · GitHub ↗ · v0.1.6 · MIT-0
cross-platform ⚠ suspicious
737
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install cfshare
Description
Use the cfshare CLI to expose local ports/files as temporary Cloudflare Quick Tunnel URLs. Trigger when a user needs a temporary public URL for a local servi...
README (SKILL.md)

\r \r

CFShare CLI Skill\r

\r cfshare wraps Cloudflare Quick Tunnel and outputs structured JSON.\r \r

Install when version checks fail\r

\r If either command fails, install missing binaries before running any cfshare tool.\r \r

cfshare --version\r
cloudflared --version\r
```\r
\r
1. If `cfshare --version` fails, install `cfshare` (requires Node.js and npm):\r
\r
```bash\r
npm install -g @ystemsrx/cfshare\r
```\r
\r
2. If `cloudflared --version` fails, install `cloudflared` by platform:\r
\r
macOS:\r
\r
```bash\r
brew install cloudflare/cloudflare/cloudflared\r
```\r
\r
Debian/Ubuntu:\r
\r
```bash\r
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null\r
echo "deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflared.list\r
sudo apt-get update && sudo apt-get install -y cloudflared\r
```\r
\r
Windows (PowerShell):\r
\r
```powershell\r
winget install --id Cloudflare.cloudflared\r
```\r
\r
WSL/Linux generic binary install:\r
\r
```bash\r
curl -fsSL https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o /usr/local/bin/cloudflared\r
sudo chmod +x /usr/local/bin/cloudflared\r
```\r
\r
3. Re-run both version checks. If still failing, stop and report exact stderr output to user.\r
\r
## CLI contract\r
\r
```bash\r
cfshare \x3Ctool> [params-json] [options]\r
```\r
\r
Supported tools:\r
\r
- `env_check`\r
- `expose_port`\r
- `expose_files`\r
- `exposure_list`\r
- `exposure_get`\r
- `exposure_stop`\r
- `exposure_logs`\r
- `maintenance`\r
- `audit_query`\r
- `audit_export`\r
\r
Global options:\r
\r
- `--params '\x3Cjson>'` or `--params-file \x3Cpath>`\r
- `--config '\x3Cjson>'` or `--config-file \x3Cpath>`\r
- `--workspace-dir \x3Cdir>` (only used by `expose_files`)\r
- `--keep-alive` (for `expose_*`, keep foreground process alive)\r
- `--no-keep-alive` (default for `expose_*`, print result then exit)\r
- `--compact`\r
\r
Command names accept `_` and `-` (for example `expose-port` == `expose_port`).\r
\r
## Standard workflow for agents\r
\r
1. Run `env_check` first.\r
2. Create exposure with `expose_port` or `expose_files`.\r
3. Return `public_url` and `expires_at` to user immediately.\r
4. By default, `expose_*` prints result and exits.\r
5. Use `--keep-alive` only when foreground lifecycle control is needed; stop with `Ctrl+C` when done.\r
\r
Recommended for stable automation:\r
\r
- Prefer `--params`/`--params-file` over positional raw JSON to reduce quoting errors.\r
- Prefer `access: "token"` for sensitive content.\r
- Treat `access: "none"` as publicly readable by anyone with link.\r
\r
## Tool usage\r
\r
### 1) env_check\r
\r
```bash\r
cfshare env_check\r
```\r
\r
Returns:\r
\r
- `cloudflared.ok/path/version`\r
- `defaults` (effective policy + runtime paths)\r
- `warnings`\r
\r
### 2) expose_port\r
\r
```bash\r
cfshare expose_port --params '{"port":3000,"opts":{"access":"token","ttl_seconds":3600}}'\r
```\r
\r
Params:\r
\r
- `port`: `1..65535`\r
- `opts.ttl_seconds`\r
- `opts.access`: `token | basic | none`\r
- `opts.protect_origin`: default `access != "none"`\r
- `opts.allowlist_paths`: path prefix allowlist for reverse proxy\r
\r
Returns:\r
\r
- `id`\r
- `public_url` (token mode auto-appends `?token=...`)\r
- `local_url`\r
- `expires_at`\r
- `access_info` (secrets are masked)\r
\r
### 3) expose_files\r
\r
```bash\r
cfshare expose_files --params '{"paths":["./dist"],"opts":{"mode":"normal","presentation":"preview","access":"none"}}'\r
```\r
\r
Params:\r
\r
- `paths`: files/directories to copy into temp workspace\r
- `opts.mode`: `normal | zip` (default `normal`)\r
- `opts.presentation`: `download | preview | raw` (default `download`)\r
- `opts.ttl_seconds`\r
- `opts.access`: `token | basic | none`\r
- `opts.max_downloads`: auto-stop after threshold\r
\r
File Serving Behavior:\r
\r
Mode: normal\r
\r
- Single file → served directly at the root URL.\r
- Multiple files or a directory → displayed in an intuitive file explorer interface.\r
\r
Mode: zip\r
\r
- All files are packaged into a ZIP archive.\r
\r
Presentation:\r
\r
- Default behaviors: download | preview | raw\r
- Behavior can be overridden via query parameters.\r
  - download → forces browser file save.\r
  - preview → renders inline (images, PDF, Markdown, audio/video, HTML, text, etc.).\r
  - raw → serves original content without any wrapper.\r
- If a file type is not previewable, preview automatically falls back to raw, then to download.\r
\r
Returns:\r
\r
- `id`, `public_url`, `expires_at`, `mode`, `presentation`\r
- `manifest`, `manifest_mode`, `manifest_meta`\r
\r
### 4) exposure_list\r
\r
```bash\r
cfshare exposure_list\r
```\r
\r
Lists tracked sessions with `id/type/status/public_url/local_url/expires_at`.\r
\r
### 5) exposure_get\r
\r
```bash\r
cfshare exposure_get --params '{"id":"port_xxx","opts":{"probe_public":true}}'\r
cfshare exposure_get --params '{"filter":{"status":"running"},"fields":["id","status","public_url"]}'\r
```\r
\r
Supports selector by `id`, `ids`, or `filter`.\r
Can probe public reachability via `opts.probe_public`.\r
\r
### 6) exposure_stop\r
\r
```bash\r
cfshare exposure_stop --params '{"id":"all"}'\r
```\r
\r
Stops tunnel/proxy/origin and removes temporary workspace.\r
Returns `{stopped, failed, cleaned}`.\r
\r
### 7) exposure_logs\r
\r
```bash\r
cfshare exposure_logs --params '{"id":"files_xxx","opts":{"component":"all","lines":200}}'\r
```\r
\r
`component`: `tunnel | origin | all`.\r
\r
### 8) maintenance\r
\r
```bash\r
cfshare maintenance --params '{"action":"run_gc"}'\r
cfshare maintenance --params '{"action":"set_policy","opts":{"policy":{"maxTtlSeconds":7200},"ignore_patterns":["*.pem",".env*"]}}'\r
```\r
\r
Actions:\r
\r
- `start_guard`\r
- `run_gc`\r
- `set_policy` (requires `opts.policy` or `opts.ignore_patterns`)\r
\r
### 9) audit_query\r
\r
```bash\r
cfshare audit_query --params '{"filters":{"event":"exposure_started","limit":100}}'\r
```\r
\r
### 10) audit_export\r
\r
```bash\r
cfshare audit_export --params '{"range":{"from_ts":"2026-01-01T00:00:00Z","output_path":"./audit.jsonl"}}'\r
```\r
\r
## Runtime files (CLI mode)\r
\r
Default CLI state directory is `~/.cfshare`:\r
\r
- `policy.json`\r
- `policy.ignore`\r
- `audit.jsonl`\r
- `sessions.json`\r
- `workspaces/`\r
- `exports/`\r
\r
## Important limitations in CLI mode\r
\r
- `expose_port` and `expose_files` exit by default after printing result; use `--keep-alive` to hold foreground.\r
- Current session registry is in-process memory; separate `cfshare` invocations do not restore full live session state.\r
- `basic` mode credentials are masked in outputs, so `token` is usually the practical authenticated mode for agent-delivered links.\r
\r
## Troubleshooting\r
\r
- `cloudflared binary not found`: install `cloudflared` or set `--config '{"cloudflaredPath":"..."}'`\r
- `local service is not reachable on 127.0.0.1:\x3Cport>`: start service first\r
- `path blocked by ignore policy`: adjust `policy.ignore` or `maintenance set_policy`\r
- `port blocked by policy`: update `blockedPorts` in policy if intentional\r
\r
Use `CFSHARE_LOG_LEVEL=info` or `CFSHARE_LOG_LEVEL=debug` for more stderr logs.\r
Usage Guidance
This skill appears to do what it advertises (create temporary public URLs) but you should verify a few things before installing or running it: 1) Confirm the npm package (@ystemsrx/cfshare) and its source repository are legitimate and review its install scripts — npm -g can run arbitrary code. 2) Check the cloudflared binary source (the SKILL.md references official Cloudflare repos and GitHub releases; prefer package manager installs or signed releases). 3) Clarify whether you need a Cloudflare account or service credentials (the SKILL.md is silent on account credentials but exposes token/basic access modes). 4) Remember that exposing files/ports can leak sensitive data — test with non-sensitive files and use token access where possible. 5) If you need higher assurance, run the installs in a sandbox or VM, and inspect the installed cfshare package contents and the output of cfshare env_check before exposing anything important.
Capability Analysis
Type: OpenClaw Skill Name: cfshare Version: 0.1.6 The skill provides high-risk capabilities for exposing local ports and files to the public internet via Cloudflare Quick Tunnels. It includes instructions for the agent to perform system-level installations of a specific third-party npm package (@ystemsrx/cfshare) and download binaries via curl. While the skill includes some security features like a policy ignore list (e.g., for .env files), the inherent risk of automated internet exposure of local resources and the requirement to install external, user-controlled software make it suspicious. (Files: SKILL.md, _meta.json)
Capability Assessment
Purpose & Capability
Name/description (expose local ports/files via Cloudflare Quick Tunnel) align with the instructions: it calls cfshare and cloudflared, supports exposing ports/files, listing/stopping exposures, and exporting audit state. The declared required binaries in metadata (cfshare, cloudflared) match runtime checks.
Instruction Scope
SKILL.md stays within the stated purpose: it instructs running env_check, creating exposures, copying paths into a temporary workspace, and returning public_url/expires_at. It explicitly exposes user files/ports publicly (or with token/basic access) — this is expected but high-risk from a privacy perspective. It does not instruct reading unrelated system files or environment variables, though it references 'defaults' and 'runtime paths' which may cause the tool to read local config/policy files.
Install Mechanism
No install spec in the skill bundle (instruction-only). The SKILL.md recommends installing cfshare via npm -g and cloudflared via brew/apt/winget or a GitHub release binary. Those sources are common but carry moderate risk: npm packages run install scripts and can execute arbitrary code, and curl to download/extract binaries executes network-fetched code. Verify package provenance and signatures before installing.
Credentials
The skill declares no required environment variables or credentials, but it provides access modes (token/basic/none) and mentions masked access_info. It's unclear whether Cloudflare account credentials or cloudflared secrets (if any) are needed or how tokens are generated/managed. The lack of explicit mention of required Cloudflare credentials is an omission worth clarifying.
Persistence & Privilege
always:false and no install artifacts in the skill bundle. The skill may advise running cfshare with --keep-alive for foreground lifecycle but does not request permanent agent presence or modification of other skills/config. No evidence of elevated or persistent privileges requested by the skill manifest itself.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cfshare
  3. After installation, invoke the skill by name or use /cfshare
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.6
- Removed the "allowed-tools" field from the skill manifest for improved compatibility. - No functional or CLI changes made in this release.
v0.1.5
- Major update: cfshare now uses a dedicated CLI wrapper instead of direct Cloudflare Quick Tunnel invocation. - Updated all commands and examples to use the new cfshare CLI (`cfshare <tool> [options]`) with structured JSON out. - Clarified installation instructions for both cfshare and cloudflared, with platform-specific guidance. - Expanded tool explanations and provided full CLI usage details for each cfshare command. - Documented recommended agent workflows, troubleshooting steps, limitations in CLI mode, and paths for all runtime files. - Most behaviors from prior version are retained but now reference cfshare CLI usage and options directly.
v0.1.0
Initial release of cfshare – easily share or preview local services and files via secure temporary HTTPS links using Cloudflare Quick Tunnel.
Metadata
Slug cfshare
Version 0.1.6
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is CF Share?

Use the cfshare CLI to expose local ports/files as temporary Cloudflare Quick Tunnel URLs. Trigger when a user needs a temporary public URL for a local servi... It is an AI Agent Skill for Claude Code / OpenClaw, with 737 downloads so far.

How do I install CF Share?

Run "/install cfshare" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is CF Share free?

Yes, CF Share is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does CF Share support?

CF Share is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created CF Share?

It is built and maintained by Sixteen (@ystemsrx); the current version is v0.1.6.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments