Cloudflare Wrangler & Pages

This skill appears to be what it says (Wrangler/Cloudflare helper) but has important mismatches you should address before using it: - Expectation of sensitive credentials: The SKILL.md instructs you to store a Cloudflare API token and R2 access keys in ~/.openclaw/secrets.json and to export CLOUDFLARE_API_TOKEN. These are reasonable for a Cloudflare tool, but the registry metadata does not declare those required credentials — treat that as an omission. Do not give the agent access to more credentials than necessary. - Secrets handling: Keep the secrets file encrypted or otherwise restricted. Prefer using the official CLOUDFLARE_API_TOKEN environment variable or the Wrangler-auth recommended flow rather than a custom secrets.json if possible. If you use ~/.openclaw/secrets.json, review and control its contents carefully. - Installation impact: The guide asks for Node.js v20+ and suggests a global npm install (`npm install -g wrangler`). Installing global packages can require elevated privileges — consider using npx or a local project install to reduce system impact. - Review code samples and edits: The SKILL.md includes Python and Node samples that will read secrets from disk; inspect and, if necessary, modify these before running. There is a small inconsistency about presigned URL expiry shown in text vs. code — verify timeout values you actually need. - Metadata/documentation gap: Ask the skill author or registry maintainer to declare required env vars/primary credential in the metadata so you can audit what the skill will need. If you will allow an agent to invoke this skill autonomously, ensure the agent is not granted blanket access to your secrets file. If you accept those caveats and secure the credentials appropriately, the skill is functionally coherent for Cloudflare management. If you cannot or do not want to store Cloudflare/R2 credentials locally, avoid installing/using this skill.