ClawHub
Skill flagged — review recommended

ClawHub Security found sensitive or high-impact capabilities. Review the scan results before using.

Cloudflare API

v1.0.0

Connect to Cloudflare API for DNS management, tunnels, and zone administration. Use when user needs to manage domains, DNS records, or create tunnels.

3· 2.8k· 1 versions· 15 current· 15 all-time· Updated 4h ago· MIT-0
byLucas Synnott@lucassynnott

Security Scans

VirusTotalBenignClawScanReviewStatic analysisBenign

Install

openclaw skills install cloudflare-api

Cloudflare Skill

Connect to Cloudflare API for DNS management, tunnels, and zone administration.

Setup

1. Get Your API Token

  1. Go to dash.cloudflare.com/profile/api-tokens
  2. Create a token with required permissions:
    • Zone:Read - List domains
    • DNS:Edit - Manage DNS records
    • Account:Cloudflare Tunnel:Edit - Manage tunnels
  3. Copy the token

2. Configure

# Option A: Store in file (recommended)
echo "YOUR_API_TOKEN" > ~/.cloudflare_token
chmod 600 ~/.cloudflare_token

# Option B: Environment variable
export CLOUDFLARE_API_TOKEN="YOUR_API_TOKEN"

3. Test Connection

./scripts/setup.sh

Commands

Zones (Domains)

./scripts/zones/list.sh                    # List all zones
./scripts/zones/list.sh --json             # JSON output
./scripts/zones/get.sh example.com         # Get zone details

DNS Records

# List records
./scripts/dns/list.sh example.com
./scripts/dns/list.sh example.com --type A
./scripts/dns/list.sh example.com --name api

# Create record
./scripts/dns/create.sh example.com \
  --type A \
  --name api \
  --content 1.2.3.4 \
  --proxied

# Create CNAME
./scripts/dns/create.sh example.com \
  --type CNAME \
  --name www \
  --content example.com \
  --proxied

# Update record
./scripts/dns/update.sh example.com \
  --name api \
  --type A \
  --content 5.6.7.8

# Delete record
./scripts/dns/delete.sh example.com --name api --type A

Tunnels

# List tunnels
./scripts/tunnels/list.sh

# Create tunnel
./scripts/tunnels/create.sh my-tunnel

# Configure tunnel ingress
./scripts/tunnels/configure.sh my-tunnel \
  --hostname app.example.com \
  --service http://localhost:3000

# Get run token
./scripts/tunnels/token.sh my-tunnel

# Delete tunnel
./scripts/tunnels/delete.sh my-tunnel

Token Permissions

FeatureRequired Permission
List zonesZone:Read
Manage DNSDNS:Edit
Manage tunnelsAccount:Cloudflare Tunnel:Edit

Create token at: dash.cloudflare.com/profile/api-tokens

Common Workflows

Point subdomain to server

./scripts/dns/create.sh mysite.com --type A --name api --content 1.2.3.4 --proxied

Set up tunnel for local service

# 1. Create tunnel
./scripts/tunnels/create.sh webhook-tunnel

# 2. Configure ingress
./scripts/tunnels/configure.sh webhook-tunnel \
  --hostname hook.mysite.com \
  --service http://localhost:8080

# 3. Add DNS record
TUNNEL_ID=$(./scripts/tunnels/list.sh --name webhook-tunnel --quiet)
./scripts/dns/create.sh mysite.com \
  --type CNAME \
  --name hook \
  --content ${TUNNEL_ID}.cfargotunnel.com \
  --proxied

# 4. Run tunnel
TOKEN=$(./scripts/tunnels/token.sh webhook-tunnel)
cloudflared tunnel run --token $TOKEN

Output Formats

FlagDescription
--jsonRaw JSON from API
--tableFormatted table (default)
--quietMinimal output (IDs only)

Troubleshooting

ErrorSolution
"No API token found"Run setup or set CLOUDFLARE_API_TOKEN
"401 Unauthorized"Check token is valid
"403 Forbidden"Token missing required permission
"Zone not found"Verify domain is in your account

Version tags

latestvk97f8n1cfx5z4733cn1g120ct97z5sk1

Runtime requirements

☁️ Clawdis
Binscurl, jq