Cloudflare
PassAudited by ClawScan on May 16, 2026.
Overview
This instruction-only Cloudflare integration is coherent and disclosed, but it delegates powerful Cloudflare account actions to the separate ClawLink plugin and service.
Before installing, verify the ClawLink plugin and service, connect Cloudflare with the narrowest permissions practical, and carefully review any preview before approving DNS, firewall, worker, or bulk account changes.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the plugin allows a separate ClawLink component to add tools and handle Cloudflare integration flows.
The skill depends on a separate plugin that is not included in this instruction-only package. The install step is disclosed and user-directed, but plugin provenance still matters.
Install the verified ClawLink plugin: `openclaw plugins install clawhub:clawlink-plugin`
Verify that the ClawLink plugin and publisher are the expected ones before installing or pairing accounts.
Anyone with access to the paired OpenClaw environment or ClawLink account may be able to use the granted Cloudflare permissions.
Pairing creates a persistent local credential and delegates Cloudflare access through ClawLink. This is expected for the integration, but it is privileged account access.
The resulting device credential is stored locally in OpenClaw's plugin config and is only sent to `claw-link.dev`.
Use least-privilege Cloudflare authorization where possible, avoid pasting raw credentials into chat, and revoke the ClawLink connection if it is no longer needed.
Incorrect confirmed actions could affect websites, DNS routing, security rules, or deployed workers.
The skill can perform high-impact Cloudflare changes. The artifacts also instruct the agent to preview writes and obtain confirmation, making this purpose-aligned rather than hidden.
Create or update DNS records after confirmation - Manage rules, workers, and firewall settings when available
Review previews carefully before approving any write, destructive, external-facing, or bulk Cloudflare action.
Cloudflare account connection details and tool requests may be handled through ClawLink rather than directly by OpenClaw.
Cloudflare connection and tool execution are mediated through the ClawLink hosted service. This gateway flow is disclosed, but users should understand the data and action boundary.
ClawLink's hosted page runs the provider connection flow.
Review ClawLink's documentation, verification page, and account permissions before connecting Cloudflare.