← Back to Skills Marketplace
lucassynnott

Cloudflare API

by Lucas Synnott · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
2810
Downloads
3
Stars
15
Active Installs
1
Versions
Install in OpenClaw
/install cloudflare-api
Description
Connect to Cloudflare API for DNS management, tunnels, and zone administration. Use when user needs to manage domains, DNS records, or create tunnels.
README (SKILL.md)

Cloudflare Skill

Connect to Cloudflare API for DNS management, tunnels, and zone administration.

Setup

1. Get Your API Token

  1. Go to dash.cloudflare.com/profile/api-tokens
  2. Create a token with required permissions:
    • Zone:Read - List domains
    • DNS:Edit - Manage DNS records
    • Account:Cloudflare Tunnel:Edit - Manage tunnels
  3. Copy the token

2. Configure

# Option A: Store in file (recommended)
echo "YOUR_API_TOKEN" > ~/.cloudflare_token
chmod 600 ~/.cloudflare_token

# Option B: Environment variable
export CLOUDFLARE_API_TOKEN="YOUR_API_TOKEN"

3. Test Connection

./scripts/setup.sh

Commands

Zones (Domains)

./scripts/zones/list.sh                    # List all zones
./scripts/zones/list.sh --json             # JSON output
./scripts/zones/get.sh example.com         # Get zone details

DNS Records

# List records
./scripts/dns/list.sh example.com
./scripts/dns/list.sh example.com --type A
./scripts/dns/list.sh example.com --name api

# Create record
./scripts/dns/create.sh example.com \
  --type A \
  --name api \
  --content 1.2.3.4 \
  --proxied

# Create CNAME
./scripts/dns/create.sh example.com \
  --type CNAME \
  --name www \
  --content example.com \
  --proxied

# Update record
./scripts/dns/update.sh example.com \
  --name api \
  --type A \
  --content 5.6.7.8

# Delete record
./scripts/dns/delete.sh example.com --name api --type A

Tunnels

# List tunnels
./scripts/tunnels/list.sh

# Create tunnel
./scripts/tunnels/create.sh my-tunnel

# Configure tunnel ingress
./scripts/tunnels/configure.sh my-tunnel \
  --hostname app.example.com \
  --service http://localhost:3000

# Get run token
./scripts/tunnels/token.sh my-tunnel

# Delete tunnel
./scripts/tunnels/delete.sh my-tunnel

Token Permissions

Feature Required Permission
List zones Zone:Read
Manage DNS DNS:Edit
Manage tunnels Account:Cloudflare Tunnel:Edit

Create token at: dash.cloudflare.com/profile/api-tokens

Common Workflows

Point subdomain to server

./scripts/dns/create.sh mysite.com --type A --name api --content 1.2.3.4 --proxied

Set up tunnel for local service

# 1. Create tunnel
./scripts/tunnels/create.sh webhook-tunnel

# 2. Configure ingress
./scripts/tunnels/configure.sh webhook-tunnel \
  --hostname hook.mysite.com \
  --service http://localhost:8080

# 3. Add DNS record
TUNNEL_ID=$(./scripts/tunnels/list.sh --name webhook-tunnel --quiet)
./scripts/dns/create.sh mysite.com \
  --type CNAME \
  --name hook \
  --content ${TUNNEL_ID}.cfargotunnel.com \
  --proxied

# 4. Run tunnel
TOKEN=$(./scripts/tunnels/token.sh webhook-tunnel)
cloudflared tunnel run --token $TOKEN

Output Formats

Flag Description
--json Raw JSON from API
--table Formatted table (default)
--quiet Minimal output (IDs only)

Troubleshooting

Error Solution
"No API token found" Run setup or set CLOUDFLARE_API_TOKEN
"401 Unauthorized" Check token is valid
"403 Forbidden" Token missing required permission
"Zone not found" Verify domain is in your account
Usage Guidance
What to consider before installing: - This package is a local script-based Cloudflare client. It needs your Cloudflare API token (either in CLOUDFLARE_API_TOKEN or stored at ~/.cloudflare_token). The registry metadata did not declare this — treat that omission as a red flag. - The skill also calls openssl (to generate a secret) and the README mentions running cloudflared; make sure those binaries exist and that you understand what they will execute. The metadata only lists curl and jq, so openssl/cloudflared are undeclared dependencies. - Only provide a token scoped to the minimum permissions needed (Zone:Read, DNS:Edit, Account:Cloudflare Tunnel:Edit) and avoid using an account-level or global API key. Prefer creating a limited API token in the Cloudflare dashboard. - Inspect the scripts locally before running them (they are included in the package). Confirm they only call api.cloudflare.com and do not exfiltrate data elsewhere — in this case the scripts call only Cloudflare endpoints. - Store the token securely (file with chmod 600 or environment variable managed by your secrets tooling). If you have any doubt about the author/source, do not provide credentials and run the scripts in an isolated environment. If the publisher fixes the metadata to declare the token and openssl/cloudflared requirements and you review the scripts yourself, the skill is coherent for its intended purpose. Until then, proceed cautiously.
Capability Analysis
Type: OpenClaw Skill Name: cloudflare-api Version: 1.0.0 The OpenClaw AgentSkills skill bundle for Cloudflare API management is benign. It provides legitimate functionality for managing Cloudflare DNS, zones, and tunnels. API tokens are handled securely by reading from environment variables or a protected file (`~/.cloudflare_token`) and are only used for authenticated requests to the official Cloudflare API (`https://api.cloudflare.com`). The `SKILL.md` file contains clear instructions for the user and does not exhibit any prompt injection attempts against the agent. All scripts (`scripts/*.sh`) use standard tools like `curl`, `jq`, and `openssl` in a safe and expected manner, without any signs of data exfiltration, malicious execution, persistence mechanisms, or obfuscation.
Capability Assessment
Purpose & Capability
The name/description match the included scripts: they call the Cloudflare API to list zones, manage DNS records, and manage tunnels. Declared required binaries (curl, jq) are appropriate. However, scripts also call openssl (to generate a tunnel secret) and the README references cloudflared for running tunnels; openssl and cloudflared are not declared as required binaries. The capability set itself is consistent with the stated purpose.
Instruction Scope
SKILL.md instructs storing an API token in ~/.cloudflare_token or in CLOUDFLARE_API_TOKEN and to run ./scripts/setup.sh; the scripts indeed read ~/.cloudflare_token and the environment variable. The instructions and scripts do not try to read unrelated system files or contact endpoints outside Cloudflare's API, which is good. The concern is the SKILL.md and package metadata disagree on what credentials/config are required (see environment_proportionality).
Install Mechanism
There is no install spec (instruction-only style) and no remote downloads; all code is included in the bundle. That keeps install risk low. No extracted archives or external installers are used. Note: because scripts run commands (openssl, cloudflared), the runtime must have those binaries and the skill will rely on them when executed.
Credentials
The scripts require a Cloudflare API token (read from CLOUDFLARE_API_TOKEN or ~/.cloudflare_token) and SKILL.md describes required token scopes (Zone:Read, DNS:Edit, Account:Cloudflare Tunnel:Edit). But the registry metadata lists no required environment variables and no primary credential — a clear mismatch. The requested permissions are appropriate for the task (not excessive), but the metadata omission is misleading and could cause users to accidentally provide a high-privilege token without realizing it.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or agent-wide configuration. It reads a token file from the user's home and uses it to call Cloudflare APIs — expected behavior for this functionality.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cloudflare-api
  3. After installation, invoke the skill by name or use /cloudflare-api
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release - DNS management, tunnels, and zone administration
Metadata
Slug cloudflare-api
Version 1.0.0
License
All-time Installs 15
Active Installs 15
Total Versions 1
Frequently Asked Questions

What is Cloudflare API?

Connect to Cloudflare API for DNS management, tunnels, and zone administration. Use when user needs to manage domains, DNS records, or create tunnels. It is an AI Agent Skill for Claude Code / OpenClaw, with 2810 downloads so far.

How do I install Cloudflare API?

Run "/install cloudflare-api" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cloudflare API free?

Yes, Cloudflare API is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Cloudflare API support?

Cloudflare API is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Cloudflare API?

It is built and maintained by Lucas Synnott (@lucassynnott); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments