Cloudflare Guard
v0.1.2Configures and manages Cloudflare DNS, caching, security rules, rate limiting, and Workers
⭐ 0· 902·5 current·5 all-time
byGuilherme Favaron@guifav
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Cloudflare DNS, caching, WAF, rate limiting, Workers) match the SKILL.md content, which contains concrete curl calls to api.cloudflare.com for DNS, SSL, cache, rate limits, and Workers. Requiring a Cloudflare API token and zone ID is appropriate for this purpose.
Instruction Scope
SKILL.md stays on-task: it instructs the agent to use Cloudflare's API via curl/jq (or platform alternatives), to enumerate current state, build a plan, then perform and verify changes. It does include destructive operations (delete DNS records, purge cache, modify SSL/WAF) but explicitly mandates a planning protocol to avoid accidental outages. It does not instruct reading unrelated local files or sending data to non-Cloudflare endpoints.
Install Mechanism
This is instruction-only (no install spec or code files), which is low risk. The manifest requires curl (present in claw.json) which aligns with SKILL.md. No downloads or archive extracts are present.
Credentials
The skill uses CLOUDFLARE_API_TOKEN and CLOUDFLARE_ZONE_ID as shown in SKILL.md and claw.json (primaryEnv set to the API token), which is appropriate. However, the top-level registry metadata in the provided summary said "Required env vars: none" while claw.json and SKILL.md do require those env vars — this metadata inconsistency should be resolved before trusting automatic installs.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide modifications or secrets beyond its own declared token/zone. Model invocation is allowed (normal for skills) but there is no evidence it will persist itself or modify other skills.
Assessment
This skill appears to be what it claims: an instruction-only Cloudflare management helper that expects a Cloudflare API token and zone ID and uses curl to call the official Cloudflare API. Before installing: 1) Confirm the registry metadata (the provided summary lists no required env vars and no homepage, but claw.json and SKILL.md do require CLOUDFLARE_API_TOKEN and CLOUDFLARE_ZONE_ID and list a GitHub homepage). 2) Use a scoped Cloudflare API token (least privilege) rather than a global account token. 3) Back up current DNS and configuration and test in staging wherever possible; operations like deleting records, changing SSL mode, or purging caches can cause outages. 4) Verify you (or the agent) will not run these commands unattended — the SKILL.md requires a planning step before actions; ensure that the agent's use of the skill preserves that human review if you want manual oversight. 5) If you need auditability, ensure logs and Cloudflare audit trails are enabled since the skill issues API calls that change live configuration.Like a lobster shell, security has layers — review code before you run it.
latestvk97frtxxq0v3ybb4eeeaqkg3g583eqc2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.