Cloudflare Wrangler & Pages
Review
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent Cloudflare/Wrangler reference skill, but it relies on powerful Cloudflare credentials and documents commands that can deploy, delete, or change cloud resources.
Install only if you intend to let the agent help administer Cloudflare resources. Use least-privilege Cloudflare tokens, verify Wrangler’s source/version, and require explicit confirmation before deployments, deletions, migrations, SQL execution, secret changes, or lifecycle-rule changes.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the token is broad, the agent could deploy, modify, or delete Cloudflare resources when asked to use the skill.
This shows the skill expects local Cloudflare API credentials and passes them to Wrangler. That is purpose-aligned, but the token can authorize meaningful account changes.
Auth: Token stored in `~/.openclaw/secrets.json` under `cloudflare.apiToken` ... `export CLOUDFLARE_API_TOKEN=$(jq -r '.cloudflare.apiToken' ~/.openclaw/secrets.json)`
Use a least-privilege Cloudflare API token, keep it in the intended secret store, and review any action that changes or deletes resources.
A mistaken or overly broad instruction could alter production Workers, databases, storage buckets, KV data, or secrets.
The skill documents high-impact cloud operations, including deployment, SQL execution, and deletion. These commands fit the stated Wrangler-management purpose, but they can change live resources.
`wrangler deploy [script]` ... `wrangler delete [name]` ... `wrangler d1 execute <database> --command "SELECT * FROM users"` ... `wrangler d1 delete <name>` ... `wrangler r2 bucket delete <name>`
Require explicit user confirmation for deploy, delete, bulk, migration, and SQL execution operations, especially against production accounts.
Installing or running an unexpected Wrangler version could change behavior or introduce dependency risk.
The skill relies on an external npm package rather than bundled reviewed code. This is normal for a Wrangler CLI skill, but users depend on npm package provenance and version selection.
Install: `npm install -g wrangler` or use project-local `npx wrangler`
Install Wrangler from the official npm package, prefer a pinned project-local version for production work, and verify the CLI before authenticating.
Files uploaded under the matching prefix could be removed automatically, including future uploads, if the lifecycle rule is applied to the wrong bucket or prefix.
The R2 lifecycle example creates a persistent cloud-side rule that can delete future objects automatically. It is disclosed, but users should understand the ongoing effect.
R2 lifecycle rules auto-delete objects after N days ... `client.put_bucket_lifecycle_configuration` ... `"Expiration": {"Days": 1}` ... `uploads/*` → deleted after 1 day.
Confirm the target bucket and prefix before applying lifecycle rules, and document how to inspect or remove the rule.
A user may believe a shared R2 link expires sooner than it actually does.
The shown presigned URL example and surrounding text appear to disagree about expiration time. This is not evidence of malicious behavior, but it could mislead users about link exposure duration.
`{ expiresIn: 600 } // 10 minutes` ... `Presigned URLs expire in 1 min`
Clarify the intended expiration value and verify generated presigned URLs match the documented security expectation.
