cloudflare

Infrastructure operations for Cloudflare: Workers, KV, R2, D1, Hyperdrive, observability, builds, audit logs. Triggers: worker/KV/R2/D1/logs/build/deploy/audit. Three permission tiers: Diagnose (read-only), Change (write requires confirmation), Super Admin (isolated environment). Write operations follow read-first, confirm, execute, verify pattern. MCP is optional — works with Wrangler CLI/Dashboard too.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "cloudflare" with this command: npx skills add heyvhuang/ship-faster/heyvhuang-ship-faster-cloudflare

Cloudflare Infrastructure Operations

Manage Cloudflare services: Workers, KV, R2, D1, Hyperdrive, Observability, Builds, and Audit Logs.

MCP is optional. This skill works with MCP (auto), Wrangler CLI, or Dashboard. See BACKENDS.md for execution options.

Permission Tiers

TierPurposeScopeRisk Control
DiagnoseRead-only/query/troubleshootObservability, Builds, AuditDefault entry, no writes
ChangeCreate/modify/delete resourcesKV, R2, D1, HyperdriveRequires confirmation + verification
Super AdminHighest privilegesAll + Container SandboxOnly in isolated/test environments

Security Rules

Read Operations

  1. Define scope first — account / worker / resource ID
  2. No account set? — List accounts first, then set active
  3. Evidence required — Conclusions must have logs/screenshots/audit records

Write Operations (Three-step Flow)

1. Plan: Read current state first (list/get)
2. Confirm: Output precise change (name/ID/impact), await user confirmation
3. Execute: create/delete/update
4. Verify: audit logs + observability confirm no new errors

Prohibited Actions

  • ❌ Execute create/delete/update without confirmation
  • ❌ Delete production resources (unless user explicitly says "delete production xxx")
  • ❌ Use Super Admin privileges in non-isolated environments
  • ❌ Use container sandbox as persistent environment

Operation Categories

Diagnose Tier (Read-only)

CategoryWhat You Can Do
ObservabilityQuery worker logs/metrics, discover fields, explore values
BuildsList build history, get build details, view build logs
BrowserFetch page HTML, convert to markdown, take screenshots
AuditPull change history by time range
WorkersList workers, get details, view source code

Change Tier (Write Operations)

ResourceOperations
KVList, get, create ⚠️, update ⚠️, delete ⚠️
R2List, get, create ⚠️, delete ⚠️
D1List, get, query, create ⚠️, delete ⚠️
HyperdriveList, get, create ⚠️, edit ⚠️, delete ⚠️

⚠️ = Requires confirmation

Super Admin Tier (Container Sandbox)

Temporary container for isolated tasks (~10 min lifecycle):

  • Initialize, execute commands, read/write/delete files
  • Use for: running tests, reproducing issues, parsing data
  • NOT for: persistent state, production workloads

Common Workflows

Troubleshooting Flow

1. Clarify symptoms → worker name / time range / error type
2. Query observability to pull logs/metrics
3. If build-related → get build logs
4. If page-related → take screenshot to reproduce
5. Trace changes → pull audit logs
6. Summarize: root cause + evidence + fix recommendations

Resource Management Flow

1. List accounts → set active account
2. List resources (KV / R2 / D1)
3. Plan changes → present to user
4. Execute after confirmation
5. Verify: audit logs + observability shows no errors

Output Format

  • Language: English
  • Structure: Conclusion → Key data/evidence → Tool call summary → Next steps
  • Write operations: Must clearly list operations and impact scope

Example:

✅ Investigation complete: worker `api-gateway` experienced 5xx spike between 18:00-18:30

Root cause: New code deployed threw TypeError when processing /v2/users
Evidence:
- Logs: 18:02 first occurrence of "Cannot read property 'id' of undefined"
- Audit: 18:00 user dev@example.com deployed new version
- Metrics: error_rate jumped from 0.1% to 12%

Recommendation: Roll back to previous version, or fix /v2/users handler

File-based Pipeline

When integrating into multi-step workflows:

runs/<workflow>/active/<run_id>/
├── proposal.md                # Symptoms/objectives
├── context.json               # Account/worker/resource/time_range
├── tasks.md                   # Checklist + approval gate
├── evidence/observability.md
├── evidence/audit.md
├── evidence/screenshots/
├── evidence/change-plan.md    # Write operations written here first
├── evidence/report.md         # Conclusion + evidence + next steps
└── logs/events.jsonl          # Optional tool call summary

Error Handling

SituationAction
Account not setRun accounts_list → set_active_account first
Resource doesn't existVerify ID/name, list available resources
Insufficient permissionsExplain required permissions, check API token scope
Observability query too broadSplit into smaller time ranges

Related Files

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

review-seo-audit

No summary provided by upstream source.

Repository SourceNeeds Review
39-heyvhuang
General

tool-openclaw

No summary provided by upstream source.

Repository SourceNeeds Review
53-heyvhuang
General

mcp-supabase

No summary provided by upstream source.

Repository SourceNeeds Review
47-heyvhuang
General

stripe

No summary provided by upstream source.

Repository SourceNeeds Review
44-heyvhuang