← 返回 Skills 市场

Cloudflare Open WebUI Tunnel Operator

Name: Cloudflare Open WebUI Tunnel Operator
Author: grey0758

作者 grey0758 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

198

总下载

当前安装

版本数

在 OpenClaw 中安装

/install cloudflare-openwebui-tunnel-operator

功能描述

Create and maintain a Cloudflare Tunnel for Open WebUI using a 1Password-managed API token, Docker runtime, and optional systemd persistence. 使用 1Password 管理...

使用说明 (SKILL.md)

Cloudflare Open WebUI Tunnel Operator

Use this skill when Open WebUI should be exposed through a Cloudflare Tunnel and the Cloudflare API token is stored in 1Password. 当需要通过 Cloudflare Tunnel 暴露 Open WebUI，且 Cloudflare API token 保存在 1Password 中时，使用这个 skill。

Read First | 先读这些

{baseDir}/README.md
{baseDir}/WORKFLOW.md
{baseDir}/FAQ.md
{baseDir}/CHANGELOG.md

Primary Rule | 核心原则

Treat 1Password as the secret source, knowledge/ as the canonical documentation source, and ClawHub only as the distribution layer. 把 1Password 当作密钥来源，把 knowledge/ 当作规范文档来源，把 ClawHub 仅当作分发层。

Workflow | 执行流程

confirm local Open WebUI health 确认本地 Open WebUI 健康
confirm op can read the Cloudflare token 确认 op 能读取 Cloudflare token
create or update the remote-managed tunnel and DNS 创建或更新 remote-managed tunnel 与 DNS
write the runtime tunnel token to a local env file 把运行态 tunnel token 写入本地 env 文件
start cloudflared with Docker 用 Docker 启动 cloudflared
persist the tunnel with systemd if reboots must survive 如果需要跨重启持久化，用 systemd
verify both local and public URLs 验证本地与公网 URL
backfill account_id in 1Password if it was inferred 如果 account_id 是推断得到的，回填到 1Password

Strong Heuristics | 强判断规则

if the local Open WebUI is down, do not debug Cloudflare first
if the 1Password item lacks account_id, derive it once and write it back
if systemd cannot authenticate to 1Password, check whether it is calling the wrong op binary
if the public URL returns 502, check origin readiness before changing tunnel config
use a hostname derived from project meaning, not the machine hostname

中文解释：

本地 Open WebUI 没起来，就不要先查 Cloudflare。
1Password 缺 account_id 时，可先推断一次，再回填。
systemd 认证不到 1Password 时，优先检查它是否调用了错误的 op。
公网返回 502 时，先检查 origin 是否就绪，不要先改 tunnel 配置。
域名应按项目语义命名，不要按机器名命名。

Safe Commands | 安全命令

op whoami
docker compose ps
curl -I http://localhost:3301
curl -I https://your-hostname.example.com
systemctl status --no-pager your-tunnel.service

Response Format | 输出格式

Always return: 始终返回：

current workflow status
missing artifacts
next single best action
verification after that

Constraints | 约束

do not reveal secret values from 1Password, .env, or runtime env files
do not publish machine-specific tokens or raw transcripts
prefer self-contained docs and package content
keep the hostname and service mapping explicit

中文约束：

不要泄露 1Password、.env 或运行态 env 文件中的密钥值。
不要发布机器专属 token 或原始聊天记录。
优先保持文档和 skill 包自包含。
明确写清楚 hostname 和 origin service 的映射关系。

安全使用建议

This skill appears to do what it claims, but it has some important gaps you should address before installing: 1) Confirm required CLIs are present: `op` (1Password CLI), `docker`/`docker compose`, `cloudflared`, and `systemctl` — the package metadata does not list them. 2) Understand 1Password access: decide whether you will use an interactive `op` session, an OP_SESSION_* token, or a service-account flow; grant the least privilege needed and test in a safe environment. 3) Protect persisted tokens: the workflow writes a tunnel runtime token to a local env file — ensure strict file permissions, minimal lifetime, and consider not persisting if you can avoid it. 4) Be cautious with systemd: if you enable a systemd unit that reads 1Password, ensure it uses an isolated service account or wrapper and cannot leak secrets to other processes. 5) Require explicit consent for writing back `account_id` to 1Password and log that action. 6) Ask the publisher to update metadata to declare required binaries and any expected environment variables or session requirements; that makes auditing and safe deployment easier.

功能分析

Type: OpenClaw Skill Name: cloudflare-openwebui-tunnel-operator Version: 1.0.0 The skill automates high-risk administrative tasks including secret management via the 1Password CLI (`op`), network tunnel creation, and system persistence via `systemd` and Docker. While the instructions in `SKILL.md` and `WORKFLOW.md` include security constraints (e.g., not revealing secrets), the requirement for the agent to read/write to a secret manager and modify system-level configurations constitutes high-risk behavior that warrants caution.

能力评估

ℹ Purpose & Capability

The described functionality (Cloudflare tunnel for Open WebUI using a 1Password token, Docker, optional systemd) matches the instructions. However, the metadata declares no required binaries or credentials even though the runtime instructions call out `op` (1Password CLI), `docker compose`/`docker`, `cloudflared` and `systemctl`. The omission is an incoherence — the skill will require external CLIs and 1Password access to function.

ℹ Instruction Scope

The SKILL.md stays on-scope: it verifies local service health, uses 1Password as the secret source, creates the remote-managed tunnel, writes the tunnel runtime token to a local env file, and optionally creates a systemd unit. These actions are expected for the stated goal, but several instructions perform sensitive operations (persisting a runtime token to disk, enabling systemd units that may need 1Password access). The document explicitly prohibits revealing secrets, but it does instruct persistence of secret tokens to local files and writing back `account_id` into 1Password — both require careful access controls and explicit user consent.

✓ Install Mechanism

This is an instruction-only skill with no install spec and no code files, so it does not download or install third-party packages on its own. That lowers installation risk. The skill still depends on external binaries being present on the host (see purpose_capability note).

⚠ Credentials

The workflow requires access to 1Password items and will produce and persist a tunnel token locally; yet the skill metadata lists no required environment variables or primary credential. In real usage, `op` often requires a session environment (OP_SESSION_*) or service-account credentials; systemd may need its own auth mechanism or wrapper. The absence of declared env/credential requirements is a mismatch and increases the chance that an operator will misconfigure secrets or inadvertently expose persisted tokens. Writing runtime tokens to disk is proportionate to running cloudflared but is sensitive and should be documented with file-permission guidance and minimised lifetime.

ℹ Persistence & Privilege

The skill does not set always:true and is user-invocable only (normal). It suggests creating/enabling a systemd unit for persistence, which is reasonable for a long-running tunnel but raises privilege/attack-surface concerns: a systemd service that can access 1Password or a persisted env file must be carefully constrained (least privilege, file permissions, and service account separation). The skill does not provide explicit guidance for secure service configuration.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install cloudflare-openwebui-tunnel-operator
安装完成后，直接呼叫该 Skill 的名称或使用 /cloudflare-openwebui-tunnel-operator 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of cloudflare-openwebui-tunnel-operator. - Enables setup and management of a Cloudflare Tunnel for Open WebUI using a 1Password API token, Docker, and optional systemd persistence. - Includes bilingual (EN/中文) documentation outlining workflow, rules, safe operations, and constraints. - Defines safe command set and strong heuristics for security and troubleshooting. - Specifies always-returned response format for workflow status, missing artifacts, next action, and verification. - Emphasizes explicit hostname mapping and protection of sensitive credentials.

元数据

Slug cloudflare-openwebui-tunnel-operator

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题