← 返回 Skills 市场
itamarcoh3n

Cloudflare Wrangler & Pages

作者 Itamar C · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
435
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install cloudflare-wrangler
功能描述
Manage Cloudflare Workers, KV, D1, R2, and secrets using the Wrangler CLI. Use when deploying workers, managing databases, storing objects, or configuring Cl...
使用说明 (SKILL.md)

Cloudflare (Wrangler CLI)

Manage Cloudflare Workers and associated services via the wrangler CLI.

R2 Configuration

Credentials stored in ~/.openclaw/secrets.json under cloudflare.r2:

{
  "cloudflare": {
    "apiToken": "\x3Cmain API token>",
    "r2": {
      "accessKeyId": "\x3CR2 access key>",
      "secretAccessKey": "\x3CR2 secret key>",
      "endpoint": "https://\x3CaccountId>.r2.cloudflarestorage.com",
      "bucket": "openclaw"
    }
  }
}

Lifecycle Rules (auto-delete)

R2 lifecycle rules auto-delete objects after N days. Minimum granularity is 1 day (no hours/minutes).

import boto3
from botocore.config import Config

client = boto3.client("s3", endpoint_url=r2["endpoint"],
    aws_access_key_id=r2["accessKeyId"],
    aws_secret_access_key=r2["secretAccessKey"],
    region_name="auto", config=Config(signature_version="s3v4"))

client.put_bucket_lifecycle_configuration(
    Bucket="openclaw",
    LifecycleConfiguration={
        "Rules": [{
            "ID": "auto-delete-uploads",
            "Status": "Enabled",
            "Filter": {"Prefix": "uploads/"},
            "Expiration": {"Days": 1},
        }]
    }
)

Active rule on openclaw bucket: uploads/* → deleted after 1 day. Presigned URLs expire in 1 min (no access), objects cleaned up within 24h.

Generate presigned URL (Node.js)

import { S3Client, GetObjectCommand } from "@aws-sdk/client-s3";
import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
import { readFileSync } from "fs";

const { cloudflare: { r2 } } = JSON.parse(readFileSync(`${process.env.HOME}/.openclaw/secrets.json`));

const client = new S3Client({
  region: "auto",
  endpoint: r2.endpoint,
  credentials: { accessKeyId: r2.accessKeyId, secretAccessKey: r2.secretAccessKey },
});

const url = await getSignedUrl(
  client,
  new GetObjectCommand({ Bucket: r2.bucket, Key: "my-file.txt" }),
  { expiresIn: 600 } // 10 minutes
);

Prerequisites

  • Node.js v20+ required
  • Install: npm install -g wrangler or use project-local npx wrangler
  • Auth: Token stored in ~/.openclaw/secrets.json under cloudflare.apiToken
  • To use with curl/API calls: TOKEN=$(jq -r '.cloudflare.apiToken' ~/.openclaw/secrets.json)
  • To use with wrangler CLI: export CLOUDFLARE_API_TOKEN=$(jq -r '.cloudflare.apiToken' ~/.openclaw/secrets.json)
  • Verify: wrangler whoami

Quick Reference

Workers

# Initialize new worker
wrangler init \x3Cname>

# Local development
wrangler dev [script]

# Deploy
wrangler deploy [script]

# List deployments
wrangler deployments list

# View deployment
wrangler deployments view [deployment-id]

# Rollback
wrangler rollback [version-id]

# Delete worker
wrangler delete [name]

# Tail logs (live)
wrangler tail [worker]

Secrets

# Add/update secret (interactive)
wrangler secret put \x3Ckey>

# Add secret from stdin
echo "value" | wrangler secret put \x3Ckey>

# List secrets
wrangler secret list

# Delete secret
wrangler secret delete \x3Ckey>

# Bulk upload from JSON file
wrangler secret bulk secrets.json

KV (Key-Value Store)

# Create namespace
wrangler kv namespace create \x3Cname>

# List namespaces
wrangler kv namespace list

# Delete namespace
wrangler kv namespace delete --namespace-id \x3Cid>

# Put key
wrangler kv key put \x3Ckey> \x3Cvalue> --namespace-id \x3Cid>

# Get key
wrangler kv key get \x3Ckey> --namespace-id \x3Cid>

# Delete key
wrangler kv key delete \x3Ckey> --namespace-id \x3Cid>

# List keys
wrangler kv key list --namespace-id \x3Cid>

# Bulk operations (JSON file)
wrangler kv bulk put \x3Cfile> --namespace-id \x3Cid>
wrangler kv bulk delete \x3Cfile> --namespace-id \x3Cid>

D1 (SQL Database)

# Create database
wrangler d1 create \x3Cname>

# List databases
wrangler d1 list

# Database info
wrangler d1 info \x3Cname>

# Execute SQL
wrangler d1 execute \x3Cdatabase> --command "SELECT * FROM users"

# Execute SQL file
wrangler d1 execute \x3Cdatabase> --file schema.sql

# Local execution (for dev)
wrangler d1 execute \x3Cdatabase> --local --command "..."

# Export database
wrangler d1 export \x3Cname> --output backup.sql

# Delete database
wrangler d1 delete \x3Cname>

# Migrations
wrangler d1 migrations create \x3Cdatabase> \x3Cname>
wrangler d1 migrations apply \x3Cdatabase>
wrangler d1 migrations list \x3Cdatabase>

R2 (Object Storage)

# Create bucket
wrangler r2 bucket create \x3Cname>

# List buckets
wrangler r2 bucket list

# Delete bucket
wrangler r2 bucket delete \x3Cname>

# Upload object
wrangler r2 object put \x3Cbucket>/\x3Ckey> --file \x3Cpath>

# Download object
wrangler r2 object get \x3Cbucket>/\x3Ckey> --file \x3Cpath>

# Delete object
wrangler r2 object delete \x3Cbucket>/\x3Ckey>

Queues

# Create queue
wrangler queues create \x3Cname>

# List queues
wrangler queues list

# Delete queue
wrangler queues delete \x3Cname>

Configuration Files

Wrangler supports both TOML and JSON/JSONC config formats:

  • wrangler.toml — traditional format
  • wrangler.json or wrangler.jsonc — newer, with JSON schema support

⚠️ Important: If both exist, JSON takes precedence. Pick one format to avoid confusion where edits to TOML are ignored.

JSONC format (with schema autocomplete)

{
  "$schema": "./node_modules/wrangler/config-schema.json",
  "name": "my-worker",
  "main": "src/index.ts",
  "compatibility_date": "2024-12-30"
}

TOML format

name = "my-worker"
main = "src/index.ts"
compatibility_date = "2024-12-30"

With bindings:

name = "my-worker"
main = "src/index.ts"
compatibility_date = "2024-12-30"

# KV binding
[[kv_namespaces]]
binding = "MY_KV"
id = "xxx"

# D1 binding
[[d1_databases]]
binding = "DB"
database_name = "my-db"
database_id = "xxx"

# R2 binding
[[r2_buckets]]
binding = "BUCKET"
bucket_name = "my-bucket"

# Environment variables
[vars]
API_URL = "https://api.example.com"

# Secrets (set via `wrangler secret put`)
# Referenced as env.SECRET_NAME in worker code

Static assets (for frameworks like Next.js):

name = "my-site"
main = ".open-next/worker.js"
compatibility_date = "2024-12-30"
compatibility_flags = ["nodejs_compat"]

[assets]
directory = ".open-next/assets"
binding = "ASSETS"

Common Patterns

Deploy with environment

wrangler deploy -e production
wrangler deploy -e staging

Custom domain (via dashboard or API)

Custom domains must be configured in the Cloudflare dashboard under Worker Settings > Domains & Routes, or via the Cloudflare API. Wrangler doesn't directly manage custom domains.

Local development with bindings

# Creates local D1/KV/R2 for dev
wrangler dev --local

Checking deployment status

wrangler deployments list
wrangler deployments view

Pages (Static Sites)

Deploy via Wrangler CLI

# IMPORTANT: wrangler pages deploy requires BOTH env vars
export CLOUDFLARE_API_TOKEN=$(jq -r '.cloudflare.apiToken' ~/.openclaw/secrets.json)
export CLOUDFLARE_ACCOUNT_ID=b4c7ead049e93e5c5d1c4f4415864c8a

npx wrangler pages deploy dist --project-name=my-project

⚠️ --account-id flag does NOT exist for wrangler pages deploy — you must use the CLOUDFLARE_ACCOUNT_ID env var. The --project-name flag is enough alongside env vars.

Create Pages project via API

TOKEN=$(jq -r '.cloudflare.apiToken' ~/.openclaw/secrets.json)
curl -s -X POST "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/pages/projects" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"my-project","production_branch":"main"}'

Add custom domain to Pages project

curl -s -X POST "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/pages/projects/my-project/domains" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"example.com"}'

Set production deployment

curl -s -X PATCH "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/pages/projects/my-project" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"production_deployment": "\x3Cdeploy-id>"}'

DNS for custom domain

  • Root domain must be a CNAME pointing to \x3Cproject>.pages.dev with proxied: true
  • If the zone is already on Cloudflare, Pages auto-validates ownership via HTTP
  • Common gotcha: stale NS records from old registrar (e.g. GoDaddy) may appear in zone but don't affect routing — they can be safely deleted
  • Check actual nameservers with dig NS example.com +short — should show *.ns.cloudflare.com

Pages API — Direct Upload (without wrangler)

If wrangler auth fails (e.g. zone-scoped token), use multipart form upload directly:

import hashlib, json, mimetypes, requests
from pathlib import Path

TOKEN = "..."
ACCOUNT_ID = "..."
PROJECT = "my-project"
DIST = Path("./dist")

headers = {"Authorization": f"Bearer {TOKEN}"}
files_list = sorted([f for f in DIST.rglob("*") if f.is_file()])

manifest = {}
file_map = {}
for f in files_list:
    rel = "/" + str(f.relative_to(DIST))
    content = f.read_bytes()
    h = hashlib.sha256(content).hexdigest()
    manifest[rel] = h
    file_map[h] = (f, content)

# Part names = file SHA256 hashes; manifest is a separate JSON part
multipart = [("manifest", (None, json.dumps(manifest), "application/json"))]
for h, (f, content) in file_map.items():
    mime = mimetypes.guess_type(str(f))[0] or "application/octet-stream"
    multipart.append((h, (f.name, content, mime)))

resp = requests.post(
    f"https://api.cloudflare.com/client/v4/accounts/{ACCOUNT_ID}/pages/projects/{PROJECT}/deployments",
    headers=headers,
    files=multipart,
)
print(resp.json()["result"]["url"])

What Wrangler Does NOT Do

  • DNS management — Use the Cloudflare dashboard or API for DNS records
  • Custom domains — Configure via dashboard (Worker Settings > Domains & Routes) or API
  • SSL certificates — Managed automatically by Cloudflare when custom domains are added
  • Firewall/WAF rules — Use dashboard or API

For DNS/domain management, see the cloudflare skill (uses Cloudflare API directly).

Troubleshooting

Issue Solution
"Not authenticated" Run wrangler login
Node version error Requires Node.js v20+
"No config found" Ensure config file exists (wrangler.toml or wrangler.jsonc) or use -c path/to/config
Config changes ignored Check for wrangler.json/wrangler.jsonc — JSON takes precedence over TOML
Binding not found Check wrangler.toml bindings match code references

Resources

安全使用建议
This skill appears to be what it says (Wrangler/Cloudflare helper) but has important mismatches you should address before using it: - Expectation of sensitive credentials: The SKILL.md instructs you to store a Cloudflare API token and R2 access keys in ~/.openclaw/secrets.json and to export CLOUDFLARE_API_TOKEN. These are reasonable for a Cloudflare tool, but the registry metadata does not declare those required credentials — treat that as an omission. Do not give the agent access to more credentials than necessary. - Secrets handling: Keep the secrets file encrypted or otherwise restricted. Prefer using the official CLOUDFLARE_API_TOKEN environment variable or the Wrangler-auth recommended flow rather than a custom secrets.json if possible. If you use ~/.openclaw/secrets.json, review and control its contents carefully. - Installation impact: The guide asks for Node.js v20+ and suggests a global npm install (`npm install -g wrangler`). Installing global packages can require elevated privileges — consider using npx or a local project install to reduce system impact. - Review code samples and edits: The SKILL.md includes Python and Node samples that will read secrets from disk; inspect and, if necessary, modify these before running. There is a small inconsistency about presigned URL expiry shown in text vs. code — verify timeout values you actually need. - Metadata/documentation gap: Ask the skill author or registry maintainer to declare required env vars/primary credential in the metadata so you can audit what the skill will need. If you will allow an agent to invoke this skill autonomously, ensure the agent is not granted blanket access to your secrets file. If you accept those caveats and secure the credentials appropriately, the skill is functionally coherent for Cloudflare management. If you cannot or do not want to store Cloudflare/R2 credentials locally, avoid installing/using this skill.
功能分析
Type: OpenClaw Skill Name: cloudflare-wrangler Version: 1.1.0 The skill bundle contains a hardcoded 'CLOUDFLARE_ACCOUNT_ID' (b4c7ead049e93e5c5d1c4f4415864c8a) in the SKILL.md file, which an AI agent is instructed to use for Pages deployments. While this ID is a common placeholder in official Cloudflare documentation, hardcoding it in instructions for an automated agent is a significant configuration flaw that could lead to failed operations or attempts to deploy data to an incorrect account. The skill also includes scripts for managing secrets and setting data deletion policies (R2 lifecycle rules), which are functional but increase the risk profile if the agent follows the hardcoded account instructions literally.
能力评估
Purpose & Capability
The name/description (Wrangler/Cloudflare resources) aligns with the instructions (wrangler CLI, KV, D1, R2, secrets, queues). However the SKILL.md specifies a particular secrets storage path (~/.openclaw/secrets.json) and env var usage that are not reflected in the declared metadata (which lists no required env vars or primary credential).
Instruction Scope
Runtime instructions tell the agent to read ~/.openclaw/secrets.json for Cloudflare API tokens and R2 keys, to export CLOUDFLARE_API_TOKEN, and to run/install tools (npm install -g wrangler, use jq). These file reads and environment operations involve sensitive credentials and are not described in the metadata; the SKILL.md also mixes sample code in multiple languages (Python/Node) and has a minor inconsistency about presigned URL expiration, showing lack of editorial rigor.
Install Mechanism
There is no install spec in the registry (instruction-only), which is low risk. But the documentation requires Node.js v20+ and suggests `npm install -g wrangler` (global npm install) or using npx; requiring a global install and privileged package management is a user-impactful step and should be noted by the user before proceeding.
Credentials
The skill expects Cloudflare credentials (cloudflare.apiToken) and R2 accessKeyId/secretAccessKey stored in ~/.openclaw/secrets.json and also suggests exporting CLOUDFLARE_API_TOKEN. Those sensitive credentials are proportionate to the skill's functionality (managing Cloudflare/R2), but the registry metadata does not declare them as required, creating an unexplained discrepancy and a risk that secrets may be read/used without explicit declaration.
Persistence & Privilege
The skill does not request always:true, does not include an install that writes persistent system-wide config, and does not claim to modify other skills. Autonomous invocation is enabled (default) which is normal; there is no evidence the skill will persist or escalate privileges on its own.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install cloudflare-wrangler
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /cloudflare-wrangler 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Added Pages section: deployment via wrangler + direct API upload, custom domains, DNS gotchas (stale NS records, CLOUDFLARE_ACCOUNT_ID env var requirement)
元数据
Slug cloudflare-wrangler
版本 1.1.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Cloudflare Wrangler & Pages 是什么?

Manage Cloudflare Workers, KV, D1, R2, and secrets using the Wrangler CLI. Use when deploying workers, managing databases, storing objects, or configuring Cl... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 435 次。

如何安装 Cloudflare Wrangler & Pages?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install cloudflare-wrangler」即可一键安装,无需额外配置。

Cloudflare Wrangler & Pages 是免费的吗?

是的,Cloudflare Wrangler & Pages 完全免费(开源免费),可自由下载、安装和使用。

Cloudflare Wrangler & Pages 支持哪些平台?

Cloudflare Wrangler & Pages 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Cloudflare Wrangler & Pages?

由 Itamar C(@itamarcoh3n)开发并维护,当前版本 v1.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论