v1.1.0

Wrangler

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 4:51 AM.

Analysis

This is a coherent Cloudflare Wrangler CLI guide, but it covers powerful deployment, deletion, database, storage, and secret-management actions without explicit approval or scoping safeguards.

Guidance

Install only if you are comfortable letting the agent help with Cloudflare CLI operations. Treat deploy, delete, bulk, SQL, migration, export, and secret commands as high-impact: verify the active Cloudflare account and environment, ask the agent to show the exact command first, and require explicit approval before it changes or deletes resources.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
wrangler deploy [script]
wrangler delete [name]
wrangler kv namespace delete --namespace-id <id>
wrangler kv bulk delete <file> --namespace-id <id>
wrangler d1 execute <database> --command "SELECT * FROM users"
wrangler d1 delete <name>
wrangler r2 bucket delete <name>

These are high-impact Cloudflare operations that can deploy code, delete services or data, bulk-delete KV records, run SQL, and delete storage. The skill presents them as quick-reference commands without explicit guardrails such as confirming the Cloudflare account, environment, target resource, backup status, or user approval before destructive actions.

User impact: An agent using these instructions could accidentally affect production Cloudflare resources, delete data, or run unintended database changes if the user does not tightly control the requested action.

Recommendation: Before using this skill, require explicit confirmation for deploy, delete, bulk, migration, SQL, and secret operations; verify the active Cloudflare account and environment with `wrangler whoami`; prefer staging first; and ensure backups exist before destructive commands.

Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
SKILL.md
Install: `npm install -g wrangler` or use project-local `npx wrangler`

The skill instructs users to install or run Wrangler from the npm ecosystem without pinning a version. This is a normal setup path for Wrangler, but users should be aware of package provenance and version drift.

User impact: A future or unexpected Wrangler package version could behave differently from the documented commands, especially when installed globally or invoked through npx.

Recommendation: Install Wrangler from the official package source, consider pinning a known-good version in project tooling, and review version changes before using it for production operations.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium. Confidence: High. Status: Note.
SKILL.md
Auth: `wrangler login` (opens browser for OAuth)
Verify: `wrangler whoami`

The skill discloses that Wrangler uses Cloudflare OAuth authentication. This is expected for Cloudflare management, but it means actions run with the permissions of the logged-in Cloudflare account.

User impact: If the active Wrangler session has broad Cloudflare permissions, commands from this skill may affect any accessible account, project, database, bucket, namespace, queue, or worker.

Recommendation: Use the least-privileged Cloudflare account or token available, verify the active account before changes, and avoid using a highly privileged production session for routine operations.