Wrangler
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Cloudflare Wrangler reference skill, but it can guide high-impact cloud actions like deployments, deletes, database changes, and secret management.
This skill appears safe as a Wrangler command reference, but treat it like giving an agent access to your Cloudflare CLI. Review any command that deploys, deletes, runs SQL, changes secrets, or targets production before execution.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could help run commands that change, expose, or delete Cloudflare resources.
The skill documents commands that can deploy code, run SQL, and delete Cloudflare resources. This is aligned with the skill purpose, but these commands can have production impact.
wrangler deploy [script] ... wrangler delete [name] ... wrangler d1 execute <database> --command "SELECT * FROM users" ... wrangler d1 delete <name>
Confirm the target account, environment, resource name, and command impact before running deploy, delete, bulk, migration, or SQL commands.
The skill can operate with whatever Cloudflare permissions the logged-in account has.
The skill requires Cloudflare account authentication. This is expected for Wrangler, but it gives the CLI delegated access to the user's Cloudflare resources.
Auth: `wrangler login` (opens browser for OAuth)
Use the least-privileged Cloudflare account or token practical for the task, and avoid using broad production credentials unless necessary.
Users will rely on the npm package resolved at install or execution time.
The skill asks users to install or execute the Wrangler package through npm/npx. This is normal for this integration, but the artifact does not pin a package version.
Install: `npm install -g wrangler` or use project-local `npx wrangler`
Install Wrangler from the official npm package and consider pinning a known-good version in projects that require reproducible builds.