Cloudflare

Manage Cloudflare domains, DNS records, SSL settings, zone configuration, firewall rules, tunnels, and analytics via the Cloudflare API. Use when the user as...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 1.1k · 4 current installs · 4 all-time installs
by Shiwei Song @InsipidPoint
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (Cloudflare domain/DNS/SSL/tunnel management) lines up with what is requested and provided: the script calls api.cloudflare.com and uses CLOUDFLARE_API_TOKEN (primary credential). Required binaries (curl, jq, openssl) are appropriate for HTTP calls, JSON processing, and generating secrets for tunnels.
Instruction Scope
SKILL.md instructs the agent to use the included scripts/cf.sh for all operations. The script performs only Cloudflare API calls, lists/manipulates DNS, settings, tunnels, analytics, and reads an import file only when the dns-import command is invoked. The SKILL.md documents destructive operations and says to confirm with the user before performing them.
Install Mechanism
No install spec or external downloads; the skill is instruction-only with a bundled script. Nothing is fetched from untrusted URLs and no archives are extracted.
Credentials
Only CLOUDFLARE_API_TOKEN is required (CLOUDFLARE_ACCOUNT_ID is optional for tunnel ops). These credentials are proportionate and directly relevant to Cloudflare management. No unrelated secrets or system config paths are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system settings, and contains no installation step that persists beyond its own files. Autonomous invocation is allowed by default but is not combined with other concerning factors here.
Assessment
This skill appears to do what it says, but take these practical precautions before enabling it:

  1) Use a least-privilege Cloudflare API token (give only the permissions needed, e.g., Zone:DNS:Edit for DNS tasks).
  2) When running dns-import, only supply JSON files you trust (the script will read the file you point to).
  3) Be aware curl is called with the Authorization header — the token is sent to api.cloudflare.com (as expected) and may appear briefly in process listings while curl runs.
  4) Confirm any destructive actions (dns-delete, cache-purge, tunnel-delete, SSL/setting changes) before execution — the SKILL.md already advises this.
  5) If you need tunnels, set CLOUDFLARE_ACCOUNT_ID and consider rotating tunnel secrets as needed.

If you want higher assurance, review the included scripts/cf.sh yourself to verify there are no additional network endpoints or logging behaviors beyond api.cloudflare.com.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.5.0
latest: vk97459c8j10bzrqha8gewrqa1n819nm0

Runtime requirements

Bins: curl, jq, openssl
Env: CLOUDFLARE_API_TOKEN
Primary env: CLOUDFLARE_API_TOKEN

SKILL.md

Cloudflare

Manage Cloudflare zones, DNS, SSL, tunnels, and settings via the bundled scripts/cf.sh bash script.

Prerequisites

  • curl, jq, and openssl must be available on the system
  • Set CLOUDFLARE_API_TOKEN environment variable
  • Optionally set CLOUDFLARE_ACCOUNT_ID for tunnel operations

CLI: scripts/cf.sh

All operations go through the bundled scripts/cf.sh bash script (included in this skill). No external downloads needed.

# Run from skill directory
./scripts/cf.sh <command> [args...]
# Or reference by absolute path
/path/to/skills/cloudflare/scripts/cf.sh <command> [args...]

Commands

| Command | Args | Description |
|---|---|---|
| help | | Show all commands |
| verify | | Verify API token is valid |
| zones | [domain] | List zones (optionally filter by domain name) |
| zone-get | <zone_id> | Get zone details |
| zone-id | <domain> | Get zone ID from domain name |
| dns-list | <zone_id> [type] [name] | List DNS records |
| dns-create | <zone_id> <type> <name> <content> [proxied] [ttl] | Create DNS record |
| dns-update | <zone_id> <record_id> <type> <name> <content> [proxied] [ttl] | Update DNS record |
| dns-delete | <zone_id> <record_id> | Delete DNS record |
| dns-export | <zone_id> | Export all records as JSON |
| dns-import | <zone_id> <file.json> | Import records from JSON |
| settings-list | <zone_id> | List all zone settings |
| setting-get | <zone_id> <setting> | Get specific setting |
| setting-set | <zone_id> <setting> <value> | Update a setting |
| ssl-get | <zone_id> | Get current SSL mode |
| ssl-set | <zone_id> <mode> | Set SSL mode (off/flexible/full/strict) |
| cache-purge | <zone_id> [url1 url2 ...] | Purge specific URLs or everything |
| pagerules-list | <zone_id> | List page rules |
| firewall-list | <zone_id> | List firewall rules |
| tunnels-list | | List Cloudflare Tunnels (needs ACCOUNT_ID) |
| tunnel-get | <tunnel_id> | Get tunnel details |
| tunnel-create | <name> | Create a tunnel (needs ACCOUNT_ID) |
| tunnel-delete | <tunnel_id> | Delete a tunnel (needs ACCOUNT_ID) |
| analytics | <zone_id> [since_minutes] | Zone analytics (default: last 24h) |

Proxied flag

  • true — orange cloud, traffic through Cloudflare (CDN, WAF, DDoS)
  • false — grey cloud, DNS-only (use for MX, non-HTTP services)

TTL

  • 1 = automatic (Cloudflare-managed)
  • Set explicit seconds for DNS-only records (e.g., 3600)

Typical workflows

Point domain to server

# Find zone ID
cf zones example.com
# Create A record (proxied)
cf dns-create <zone_id> A example.com 1.2.3.4 true
# Create www CNAME
cf dns-create <zone_id> CNAME www.example.com example.com true

Set up email (MX + SPF)

cf dns-create <zone_id> MX example.com "mx.provider.com" false 1
cf dns-create <zone_id> TXT example.com "v=spf1 include:provider.com ~all" false

Enable strict SSL

cf ssl-set <zone_id> strict

Safety rules

Always confirm with the user before:

  • Deleting DNS records (dns-delete)
  • Changing SSL mode
  • Modifying firewall rules
  • Any destructive operation

Safe to do freely:

  • Listing/reading zones, records, settings, analytics
  • Verifying token
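
One way to enforce the safety rules above mechanically, as an added example that is not part of the skill or its SKILL.md: a POSIX shell wrapper around scripts/cf.sh that lets read-only commands from the table through and requires the operator to type the command name before anything else runs. The names CF_SH, cf_classify and cf_guarded are hypothetical; treating unlisted writes (dns-create, dns-update, dns-import, tunnel-create) and unknown commands as needing confirmation is an assumption that goes beyond the page's list.

```shell
#!/bin/sh
# Added example, not part of the skill: confirmation gate for scripts/cf.sh.
# CF_SH, cf_classify and cf_guarded are hypothetical names.
CF_SH="${CF_SH:-./scripts/cf.sh}"

# Print "read" for list/get/verify commands, "confirm" for everything else.
cf_classify() {
  case "$1" in
    # Reads: zones, records, settings, analytics, token check. Assumption:
    # the other list/get commands in the table and help are reads as well.
    help|verify|zones|zone-get|zone-id|dns-list|dns-export|analytics|\
    settings-list|setting-get|ssl-get|pagerules-list|firewall-list|\
    tunnels-list|tunnel-get)
      echo read ;;
    # Named on the page as needing confirmation.
    dns-delete|ssl-set|setting-set|cache-purge|tunnel-delete)
      echo confirm ;;
    # Assumption: unlisted writes (dns-create, dns-update, dns-import,
    # tunnel-create) and unknown commands fail closed.
    *)
      echo confirm ;;
  esac
}

# Run cf.sh; before any non-read command, require the operator to type the
# command name on stdin. Returns 3 without calling cf.sh if that does not happen.
cf_guarded() {
  _cf_cmd="${1:-help}"
  if [ "$(cf_classify "$_cf_cmd")" = confirm ]; then
    printf 'About to run: %s %s\n' "$CF_SH" "$*" >&2
    printf 'Type "%s" to proceed: ' "$_cf_cmd" >&2
    IFS= read -r _cf_answer || _cf_answer=""
    if [ "$_cf_answer" != "$_cf_cmd" ]; then
      echo "Aborted: confirmation not given." >&2
      return 3
    fi
  fi
  "$CF_SH" "$@"
}
```

Source the file and call cf_guarded in place of cf.sh; with no confirmation on stdin (for example in an unattended run), every non-read command is refused.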

Reference

For DNS record types, SSL modes, and API details: see references/api-guide.md
