ClawHub

Cloudflare Global

v1.0.0

Cloudflare DNS and zone operations using a Global API Key. Use when the user needs to list, create, update, delete, export, or import DNS records, inspect zo...

0· 52·0 current·0 all-time
byHongWei Jiang@ugvfpdcuwfnh
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with behavior: the SKILL.md and script implement Cloudflare DNS, zone, cache, firewall, pagerules, tunnel, and analytics operations using the legacy Global API Key and email. The requested environment variables in SKILL.md (CLOUDFLARE_GLOBAL_API_KEY, CLOUDFLARE_EMAIL, optional CLOUDFLARE_ACCOUNT_ID) match the stated purpose.
Instruction Scope
Instructions and the script stay within Cloudflare API calls (CF_API=https://api.cloudflare.com). The script reads only the declared env vars and performs only listed operations. Note: the SKILL.md and registry metadata do not list needed local binaries, but the script requires jq (enforced at runtime), curl, and openssl for some operations.
Install Mechanism
No install spec and no external downloads; this is instruction-only plus a bundled shell script. Nothing is fetched from arbitrary URLs or written to unexpected system locations.
Credentials
The skill requires a Cloudflare Global API Key and account email, which is proportionate to managing zones via the legacy flow. However, a Global API Key is highly privileged compared with modern scoped API tokens; the skill requires users to supply that sensitive secret — consider using a scoped API token instead if possible.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or modify other skills. It does not attempt to enable itself or alter unrelated agent config.
Assessment
This skill appears to be what it claims: a shell-based Cloudflare client using the legacy Global API Key. Before installing or using it, review the included scripts locally and avoid pasting your Global API Key into untrusted environments. The script requires jq, curl, and openssl even though registry metadata lists no required binaries — install those locally or run the script in a sandbox. Prefer creating and using a least-privilege Cloudflare API token (scoped to required actions/zones) rather than a Global API Key if possible. If you must use a Global API Key, store it in a secure environment variable, and consider testing actions on a non-production zone or account first.

Like a lobster shell, security has layers — review code before you run it.

latestvk972f3t2cy722j528f6m8q205x84s6yf
52downloads
0stars
1versions
Updated 6d ago
v1.0.0
MIT-0
HongWei Jiang@ugvfpdcuwfnh
latest
Download

Cloudflare Global

Use this skill to work with Cloudflare via the legacy Global API Key flow.

Authentication

Read credentials from environment variables:

  • CLOUDFLARE_GLOBAL_API_KEY — required
  • CLOUDFLARE_EMAIL — required
  • CLOUDFLARE_ACCOUNT_ID — required only for tunnel operations

Do not use Bearer auth for this flow.

Workflow

  1. Resolve the zone id for the domain.
  2. List existing records when the user asks or when you need to avoid duplicates.
  3. Create, update, delete, or export DNS records with the legacy headers:
    • X-Auth-Email: $CLOUDFLARE_EMAIL
    • X-Auth-Key: $CLOUDFLARE_GLOBAL_API_KEY
  4. Keep DNS records proxied: false unless the user explicitly asks for proxying.
  5. Use ttl: 1 for Cloudflare auto TTL.
  6. For tunnel operations, require CLOUDFLARE_ACCOUNT_ID.

Script

Use scripts/cf-global.sh for repeatable Cloudflare operations.

Available operations

  • verify
  • zones / zones-list
  • zone-get
  • zone-id
  • dns-list
  • dns-create
  • dns-update
  • dns-delete
  • dns-export
  • dns-import
  • settings-list
  • setting-get
  • setting-set
  • ssl-get
  • ssl-set
  • cache-purge
  • pagerules-list
  • firewall-list
  • tunnels-list
  • tunnel-get
  • tunnel-create
  • tunnel-delete
  • analytics

Publishing Notes

  • This skill is safe to publish as-is: it does not contain embedded API keys, tokens, or account secrets.
  • It relies on environment variables for credentials; users must provide their own values locally.
  • Keep any examples, logs, and future edits free of real zone IDs, account IDs, emails, and record contents.
  • Ensure scripts/cf-global.sh is included in the published package.
  • The generated dist/cloudflare-global.skill file is a build artifact and should be regenerated before publishing if the source changes.

Notes

  • Prefer small, deterministic batches for bulk updates.
  • If the API returns authorization or header-format errors, verify that the user provided a Global API Key and the correct Cloudflare account email.

Comments

Loading comments...