Cloudflare Open WebUI Tunnel Operator
Verdict: Pass
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent instruction-only Cloudflare tunnel workflow, but it requires deliberate use of Cloudflare and 1Password credentials plus optional systemd persistence.
Install only if you intend to expose Open WebUI through Cloudflare. Before using it, create a least-privilege Cloudflare API token, confirm the exact hostname and origin service, protect any local env file containing tunnel tokens, and enable systemd only if you want the tunnel to persist across reboots.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1
Impact: If misused or over-scoped, the Cloudflare token could change DNS or tunnel settings, and the local env file could expose the tunnel token.
Details: The skill intentionally uses a 1Password-managed Cloudflare API token, stores a runtime token locally, and may update the 1Password item. This is disclosed and aligned with the tunnel-management purpose, but it gives the agent access to account credentials and secret-manager state.
Evidence: confirm `op` can read the Cloudflare token ... write the runtime tunnel token to a local env file ... backfill `account_id` in 1Password if it was inferred
Recommendation: Use a least-privilege Cloudflare token limited to the needed zone/tunnel actions, confirm any 1Password write-back, and store the env file with restrictive permissions.
Finding 2
Impact: Incorrect hostname, DNS, or ingress settings could publicly expose the wrong local service or break an existing Cloudflare setup.
Details: The workflow directs changes to Cloudflare tunnel, ingress, and DNS configuration. These actions are expected for this skill, but they can affect public access to the user's Open WebUI.
Evidence: create or reuse a remote-managed tunnel ... apply ingress from the public hostname to the local Open WebUI service ... create or update the proxied DNS CNAME
Recommendation: Before applying changes, review the exact Cloudflare zone, hostname, tunnel name, and origin URL; avoid broad or wildcard changes unless explicitly intended.
Finding 3
Impact: A systemd service can keep the tunnel active after the current session ends, continuing public exposure of the Open WebUI endpoint.
Details: The skill documents optional systemd persistence so cloudflared can keep running after reboot. This persistence is disclosed and relevant to maintaining the tunnel, but it should be user-approved.
Evidence: persist the tunnel with `systemd` if reboots must survive
Recommendation: Only enable systemd persistence when needed, inspect the unit file before enabling it, and know how to stop and disable the service.
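The three recommendations above (owner-only env file for the runtime token, exact hostname and loopback-only origin before any ingress or DNS change, and a systemd unit the user can read before enabling it) are shown together in the following script. It is an added example for this audit page, not code from the audited skill, from Cloudflare or from ClawScan. The hostnames, the origin URL, the file paths, the cloudflared binary location and the sample token are constructed assumptions; the ingress list follows cloudflared's rule shape (specific hostname rule first, `http_status:404` catch-all last), and the Cloudflare API calls that create the tunnel and the DNS CNAME are deliberately not shown.

```shell
#!/bin/sh
# Added example for the audit page; not code from the audited skill or from
# Cloudflare. Preflight checks a tunnel operator runs before touching
# Cloudflare, an owner-only env file for the runtime token, and a hardened
# systemd unit to inspect before enabling. All names and paths are assumptions.

# Finding 2: the public hostname must be one exact FQDN. Wildcards, empty
# values and whitespace are rejected before any API call would be made.
check_hostname() {
  case "$1" in
    ''|*'*'*|*' '*) return 1 ;;   # empty, contains a literal '*' or a space
    *.*)            return 0 ;;   # at least one dot: plausible FQDN
    *)              return 1 ;;   # bare label such as "webui"
  esac
}

# Finding 2: only a loopback origin is acceptable. Any other origin would
# publish a different host's service through this tunnel.
check_origin() {
  case "$1" in
    http://localhost:[0-9]*|http://127.0.0.1:[0-9]*|http://\[::1\]:[0-9]*) return 0 ;;
    *) return 1 ;;
  esac
}

# Finding 2: cloudflared-style ingress list (specific rule first, catch-all
# http_status:404 last), produced only after both checks pass.
build_ingress() {
  host="$1"; origin="$2"
  check_hostname "$host" || { echo "refusing hostname: $host" >&2; return 1; }
  check_origin "$origin"  || { echo "refusing origin: $origin" >&2; return 1; }
  printf '{"ingress":[{"hostname":"%s","service":"%s"},{"service":"http_status:404"}]}\n' \
    "$host" "$origin"
}

# Finding 1: write TUNNEL_TOKEN to an env file that is never world-readable,
# not even between creation and chmod, by setting umask before the redirect.
write_env_file() {
  path="$1"; token="$2"
  ( umask 077 && printf 'TUNNEL_TOKEN=%s\n' "$token" > "$path" ) || return 1
  chmod 600 "$path" || return 1
  # POSIX find: -perm without a leading '-' is an exact mode match
  find "$path" -perm 600 | grep -q .
}

# Finding 3: a unit the user can read before `systemctl enable`. DynamicUser
# runs cloudflared as an unprivileged transient user; the env file is read by
# systemd itself, so it can stay root-owned 0600. The binary path is assumed.
render_unit() {
  env_file="$1"
  cat <<EOF
[Unit]
Description=cloudflared tunnel for Open WebUI
After=network-online.target
Wants=network-online.target

[Service]
EnvironmentFile=$env_file
ExecStart=/usr/local/bin/cloudflared --no-autoupdate tunnel run
Restart=on-failure
DynamicUser=yes
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
EOF
}

# Demonstration on constructed input; rejections are reported, not fatal.
if cfg=$(build_ingress 'webui.example.com' 'http://localhost:3000'); then
  echo "accepted: $cfg"
fi
build_ingress '*.example.com' 'http://localhost:3000' || echo "rejected wildcard hostname"
build_ingress 'webui.example.com' 'http://10.0.0.5:3000' || echo "rejected non-loopback origin"
```

To stop the exposure later, `systemctl disable --now <unit>` removes both the running service and the boot-time start; the env file holding the token should be deleted separately, since disabling the unit does not touch it.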
Finding 4
Impact: Users may not realize from the registry metadata alone that the skill depends on local CLIs and Cloudflare/1Password access.
Details: Registry metadata does not declare the tools and credential dependencies that the documentation relies on, such as op, Docker, systemctl, curl, and a Cloudflare token. This appears to be an under-declaration rather than hidden behavior because the README/SKILL/WORKFLOW describe the dependencies.
Evidence: Required binaries (all must exist): none ... Env var declarations: none ... Primary credential: none
Recommendation: Treat the documentation as the authoritative setup guide and verify required tools and credentials before invoking the workflow.
