← 返回 Skills 市场
997
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install cf-manager
功能描述
Manage Cloudflare via API — DNS zones and records, page rules, SSL/TLS settings, caching, firewall rules, Workers, and analytics. Free tier includes DNS, CDN, DDoS protection, and SSL.
使用说明 (SKILL.md)
Cloudflare API Skill
Control Cloudflare infrastructure: DNS management, CDN, security, Workers, and more.
Authentication
API token required. Get one from: https://dash.cloudflare.com/profile/api-tokens
Recommended permissions:
- Zone:Zone:Read
- Zone:Zone:Edit
- Zone:DNS:Read
- Zone:DNS:Edit
Store in ~/.config/cloudflare/token:
mkdir -p ~/.config/cloudflare
echo -n "YOUR_API_TOKEN" > ~/.config/cloudflare/token
chmod 600 ~/.config/cloudflare/token
Quick Reference
Zones (Domains)
# List all zones
python3 scripts/cloudflare.py zones list
# Get zone details
python3 scripts/cloudflare.py zones get \x3Cdomain>
# Add new zone
python3 scripts/cloudflare.py zones add \x3Cdomain>
# Delete zone
python3 scripts/cloudflare.py zones delete \x3Cdomain>
# Check zone status (pending/active)
python3 scripts/cloudflare.py zones status \x3Cdomain>
# Purge cache
python3 scripts/cloudflare.py zones purge \x3Cdomain>
python3 scripts/cloudflare.py zones purge \x3Cdomain> --urls https://example.com/page
DNS Records
# List records for a zone
python3 scripts/cloudflare.py dns list \x3Cdomain>
# Add record
python3 scripts/cloudflare.py dns add \x3Cdomain> --type A --name @ --content 1.2.3.4
python3 scripts/cloudflare.py dns add \x3Cdomain> --type CNAME --name www --content example.com
python3 scripts/cloudflare.py dns add \x3Cdomain> --type MX --name @ --content mail.example.com --priority 10
python3 scripts/cloudflare.py dns add \x3Cdomain> --type TXT --name @ --content "v=spf1 include:_spf.google.com ~all"
# Update record
python3 scripts/cloudflare.py dns update \x3Cdomain> \x3Crecord_id> --content 5.6.7.8
# Delete record
python3 scripts/cloudflare.py dns delete \x3Cdomain> \x3Crecord_id>
# Proxy toggle (orange cloud on/off)
python3 scripts/cloudflare.py dns proxy \x3Cdomain> \x3Crecord_id> --on
python3 scripts/cloudflare.py dns proxy \x3Cdomain> \x3Crecord_id> --off
SSL/TLS
# Get SSL mode
python3 scripts/cloudflare.py ssl get \x3Cdomain>
# Set SSL mode (off, flexible, full, strict)
python3 scripts/cloudflare.py ssl set \x3Cdomain> --mode full
# Always use HTTPS
python3 scripts/cloudflare.py ssl https \x3Cdomain> --on
Page Rules
# List page rules
python3 scripts/cloudflare.py rules list \x3Cdomain>
# Add redirect rule
python3 scripts/cloudflare.py rules add \x3Cdomain> --match "example.com/*" --redirect "https://new.com/$1"
# Delete rule
python3 scripts/cloudflare.py rules delete \x3Cdomain> \x3Crule_id>
Firewall
# List firewall rules
python3 scripts/cloudflare.py firewall list \x3Cdomain>
# Block IP
python3 scripts/cloudflare.py firewall block \x3Cdomain> --ip 1.2.3.4 --note "Spammer"
# Block country
python3 scripts/cloudflare.py firewall block \x3Cdomain> --country CN --note "Block China"
# Whitelist IP
python3 scripts/cloudflare.py firewall allow \x3Cdomain> --ip 1.2.3.4
# Challenge (captcha) for IP range
python3 scripts/cloudflare.py firewall challenge \x3Cdomain> --ip 1.2.3.0/24
Analytics
# Get traffic stats (last 24h)
python3 scripts/cloudflare.py analytics \x3Cdomain>
# Get stats for date range
python3 scripts/cloudflare.py analytics \x3Cdomain> --since 2024-01-01 --until 2024-01-31
Workers (Serverless)
# List workers
python3 scripts/cloudflare.py workers list
# Deploy worker
python3 scripts/cloudflare.py workers deploy \x3Cname> --script worker.js
# Delete worker
python3 scripts/cloudflare.py workers delete \x3Cname>
DNS Record Types
| Type | Purpose | Example |
|---|---|---|
| A | IPv4 address | 192.0.2.1 |
| AAAA | IPv6 address | 2001:db8::1 |
| CNAME | Alias | www → example.com |
| MX | Mail server | mail.example.com (priority 10) |
| TXT | Text/verification | v=spf1 ... |
| NS | Nameserver | ns1.example.com |
| SRV | Service | _sip._tcp.example.com |
| CAA | Certificate authority | letsencrypt.org |
Proxy Status (Orange Cloud)
- Proxied (on): Traffic goes through Cloudflare CDN — caching, DDoS protection, hides origin IP
- DNS only (off): Direct connection to origin — use for mail servers, non-HTTP services
# Enable proxy
python3 scripts/cloudflare.py dns add example.com --type A --name @ --content 1.2.3.4 --proxied
# Disable proxy (DNS only)
python3 scripts/cloudflare.py dns add example.com --type A --name mail --content 1.2.3.4 --no-proxy
SSL Modes
| Mode | Description |
|---|---|
| off | No SSL (not recommended) |
| flexible | HTTPS to Cloudflare, HTTP to origin |
| full | HTTPS end-to-end, any cert on origin |
| strict | HTTPS end-to-end, valid cert on origin |
Common Workflows
Add a New Domain
# 1. Add zone to Cloudflare
python3 scripts/cloudflare.py zones add example.com
# 2. Note the nameservers (e.g., adam.ns.cloudflare.com, bella.ns.cloudflare.com)
# 3. Update nameservers at your registrar
# 4. Add DNS records
python3 scripts/cloudflare.py dns add example.com --type A --name @ --content 1.2.3.4 --proxied
python3 scripts/cloudflare.py dns add example.com --type CNAME --name www --content example.com --proxied
# 5. Set SSL to strict
python3 scripts/cloudflare.py ssl set example.com --mode strict
Migrate DNS from Another Provider
# 1. Add zone (Cloudflare will scan existing records)
python3 scripts/cloudflare.py zones add example.com
# 2. Verify records imported correctly
python3 scripts/cloudflare.py dns list example.com
# 3. Add any missing records
python3 scripts/cloudflare.py dns add example.com --type MX --name @ --content mail.example.com --priority 10
# 4. Update nameservers at registrar
# 5. Wait for propagation, check status
python3 scripts/cloudflare.py zones status example.com
Set Up Email Records
# MX records
python3 scripts/cloudflare.py dns add example.com --type MX --name @ --content mx1.provider.com --priority 10
python3 scripts/cloudflare.py dns add example.com --type MX --name @ --content mx2.provider.com --priority 20
# SPF
python3 scripts/cloudflare.py dns add example.com --type TXT --name @ --content "v=spf1 include:_spf.provider.com ~all"
# DKIM
python3 scripts/cloudflare.py dns add example.com --type TXT --name selector._domainkey --content "v=DKIM1; k=rsa; p=..."
# DMARC
python3 scripts/cloudflare.py dns add example.com --type TXT --name _dmarc --content "v=DMARC1; p=quarantine; rua=mailto:[email protected]"
Direct API Access
TOKEN=$(cat ~/.config/cloudflare/token)
curl -H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
https://api.cloudflare.com/client/v4/zones
API Documentation
- Full API reference: https://developers.cloudflare.com/api/
- API v4 base URL: https://api.cloudflare.com/client/v4/
Free Plan Includes
- DNS hosting (unlimited queries)
- CDN (caching at 300+ edge locations)
- DDoS protection (unmetered)
- SSL/TLS certificates (auto-renewed)
- 3 page rules
- Basic firewall rules
- Analytics
Nameservers
When you add a domain, Cloudflare assigns two nameservers like:
adam.ns.cloudflare.combella.ns.cloudflare.com
Update these at your domain registrar. Zone stays "pending" until nameservers propagate.
安全使用建议
What to consider before installing:
- Source verification: the skill has no homepage and an unknown source; confirm the author or obtain the script from a trusted location before installing or running it.
- Credential handling: the tool requires a Cloudflare API token stored at ~/.config/cloudflare/token. Do NOT store your global API key; create an API Token with the minimal scopes needed (prefer zone-specific permissions and avoid account-wide rights).
- Least privilege: grant only Zone:DNS/Zone:Edit or other minimal permissions required for your workflow; avoid broad permissions that allow deleting zones or changing nameservers unless explicitly needed.
- File security: set the token file permissions to 600 and ensure only you can read it. Rotate the token after use if you have doubts.
- Review code: we inspected scripts/cloudflare.py — it calls only api.cloudflare.com and follows expected API paths. Still review the full script yourself (or run it in an isolated environment) if you lack trust in the publisher.
- Metadata mismatch: ask the publisher to update the registry metadata to declare the required config path or credential; the current omission is an integrity/usability concern.
- Risk summary: granting a Cloudflare API token lets the tool modify DNS, firewall, and routing — an attacker with that token could redirect traffic, disable protections, or take ownership of services. Use a limited-scope token and test in a non-production zone first.
功能分析
Type: OpenClaw Skill
Name: cf-manager
Version: 1.0.0
The OpenClaw AgentSkills skill bundle for Cloudflare management is classified as benign. The `SKILL.md` provides clear, non-malicious instructions for authenticating with a Cloudflare API token stored locally at `~/.config/cloudflare/token` and examples for using the provided Python script. The `scripts/cloudflare.py` script exclusively interacts with the official Cloudflare API (`https://api.cloudflare.com/client/v4`) using standard Python libraries, without any evidence of data exfiltration to unauthorized endpoints, malicious command execution, persistence mechanisms, or prompt injection attempts against the agent. All functionalities align with the stated purpose of managing Cloudflare resources.
能力评估
Purpose & Capability
The SKILL.md and scripts/cloudflare.py implement a Cloudflare API CLI (zones, DNS, firewall, workers, analytics) which is coherent with the skill name/description. However, the registry metadata declares no required credentials or config paths while both the README and the script require an API token stored at ~/.config/cloudflare/token. That omission in metadata is an incoherence.
Instruction Scope
SKILL.md instructs only Cloudflare-related actions and how to store the API token. The script performs HTTP requests only to api.cloudflare.com and operates on Cloudflare resources. There are no instructions to read unrelated system files or transmit data to other endpoints.
Install Mechanism
There is no install spec (instruction-only) and an included Python script that relies only on the standard library. Nothing is downloaded from arbitrary URLs or extracted to disk by an installer. Risk from install mechanism is low.
Credentials
The skill requires a Cloudflare API token (SKILL.md and script expect ~/.config/cloudflare/token) but the registry metadata lists no required env vars or config paths and no primary credential. Requesting a Cloudflare token is proportionate to the stated purpose, but the missing declaration is a metadata/integrity problem that makes it harder to assess privilege scope up front.
Persistence & Privilege
Flags are default (not always), the skill does not request elevated system privileges, and it only suggests creating a token file under the user's home (~/.config/cloudflare). It does not modify other skills or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install cf-manager - 安装完成后,直接呼叫该 Skill 的名称或使用
/cf-manager触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Manage Cloudflare infrastructure from the command line.
- Control DNS zones and records, page rules, firewall rules, SSL/TLS settings, Workers, and analytics via Cloudflare API.
- Offers detailed command examples for tasks including DNS management, cache purging, proxy settings, and page redirects.
- Provides setup instructions for authentication using API tokens.
- Includes reference guides for DNS record types, SSL modes, common workflows (domain migration, email setup), and DNS proxy options.
- Links to official API documentation and highlights features included in Cloudflare's free plan.
元数据
常见问题
Cloudflare Manager 是什么?
Manage Cloudflare via API — DNS zones and records, page rules, SSL/TLS settings, caching, firewall rules, Workers, and analytics. Free tier includes DNS, CDN, DDoS protection, and SSL. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 997 次。
如何安装 Cloudflare Manager?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install cf-manager」即可一键安装,无需额外配置。
Cloudflare Manager 是免费的吗?
是的,Cloudflare Manager 完全免费(开源免费),可自由下载、安装和使用。
Cloudflare Manager 支持哪些平台?
Cloudflare Manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Cloudflare Manager?
由 rexlunae(@rexlunae)开发并维护,当前版本 v1.0.0。
推荐 Skills