mcp-cloudflare

Manage Workers/KV/R2/D1/Hyperdrive via Cloudflare MCP, perform observability/build troubleshooting/audit/container sandbox operations. Triggers: worker/KV/R2/D1/logs/build/deploy/screenshot/audit/sandbox. Three permission tiers: Diagnose (read-only), Change (write requires confirmation), Super Admin (isolated environment). Write operations must follow read-first, user confirmation, post-execution verification.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "mcp-cloudflare" with this command: npx skills add heyvhuang/ship-faster/heyvhuang-ship-faster-mcp-cloudflare

Cloudflare MCP Skill

Interact with Cloudflare services via MCP: Workers, KV, R2, D1, Hyperdrive, Observability, Builds, Audit, Container Sandbox.

File-based Pipeline (Pass Paths Only)

When integrating troubleshooting/changes into multi-step workflows, persist all evidence and artifacts to disk, passing only paths between agents/sub-agents.

Recommended directory structure (within project): runs/<workflow>/active/<run_id>/

  • Input: 01-input/goal.md (symptoms/objectives), 01-input/context.json (account/worker/resource/time_range, etc.)
  • Evidence: 02-analysis/observability.md, 02-analysis/audit.md, 02-analysis/screenshots/
  • Plan: 03-plans/change-plan.md (write operation plan; must write here and await confirmation first)
  • Output: 05-final/report.md (conclusion + evidence chain + tool call summary + next steps)
  • Logs: logs/events.jsonl (summary of each tool call)

Permission Tiers (Core Principles)

TierPurposeTool ScopeRisk Control
DiagnoseRead-only/query/troubleshootObservability, Builds, Browser, AuditDefault entry point, no write operations
ChangeCreate/modify/delete resourcesWorkers Bindings (KV/R2/D1)Requires user confirmation, post-execution verification
Super AdminHighest privilegesAll + Container SandboxOnly in isolated environments/test accounts

Tool Reference

Diagnose Tier (Read-only)

Observability

ToolPurpose
query_worker_observabilityQuery logs/metrics (events, CPU, error rate)
observability_keysDiscover available fields
observability_valuesExplore field values

Builds

ToolPurpose
workers_builds_list_buildsList build history
workers_builds_get_buildGet build details
workers_builds_get_build_logsGet build logs

Browser Rendering (Page Capture)

ToolPurpose
get_url_html_contentFetch page HTML
get_url_markdownConvert to Markdown
get_url_screenshotTake page screenshot

Audit Logs

ToolPurpose
auditlogs_by_account_idPull change history by time range

Change Tier (Write Operations)

Account

ToolPurpose
accounts_listList accounts
set_active_accountSet active account

Builds (Settings)

ToolPurpose
workers_builds_set_active_worker⚠️ Set active worker (requires confirmation)

KV

ToolPurpose
kv_namespaces_listList namespaces
kv_namespace_getGet details
kv_namespace_createCreate (⚠️ requires confirmation)
kv_namespace_updateUpdate (⚠️ requires confirmation)
kv_namespace_deleteDelete (⚠️ requires confirmation)

R2

ToolPurpose
r2_buckets_listList buckets
r2_bucket_getGet details
r2_bucket_createCreate (⚠️ requires confirmation)
r2_bucket_deleteDelete (⚠️ requires confirmation)

D1

ToolPurpose
d1_databases_listList databases
d1_database_getGet details
d1_database_queryExecute SQL
d1_database_createCreate (⚠️ requires confirmation)
d1_database_deleteDelete (⚠️ requires confirmation)

Hyperdrive

ToolPurpose
hyperdrive_configs_listList configs
hyperdrive_config_getGet details
hyperdrive_config_createCreate (⚠️ requires confirmation)
hyperdrive_config_editEdit (⚠️ requires confirmation)
hyperdrive_config_deleteDelete (⚠️ requires confirmation)

Workers

ToolPurpose
workers_listList workers
workers_get_workerGet worker details
workers_get_worker_codeGet source code

Super Admin Tier (Container Sandbox)

ToolPurpose
container_initializeInitialize container (~10 min lifecycle)
container_execExecute command
container_file_writeWrite file
container_file_readRead file
container_files_listList files
container_file_deleteDelete file

Container Notes: No persistent state, short lifespan, only for temporary tasks (running tests/reproducing issues/parsing data).

Security Rules (Must Follow)

Read Operations

  1. Define scope first: account / worker / resource ID
  2. No account? Run accounts_list first
  3. Conclusions must have evidence chain: logs/screenshots/audit records

Write Operations (Three-step Flow)

1. Plan: Read current state first (list/get)
2. Confirm: Output precise change (name/ID/impact scope), await user confirmation
3. Execute: create/delete/update
4. Verify: audit logs + observability confirm no new errors

Prohibited Actions

  • ❌ Execute create/delete/update without confirmation
  • ❌ Delete production resources (unless user explicitly says "delete production xxx")
  • ❌ Use Super Admin privileges in non-isolated environments
  • ❌ Use container sandbox as persistent environment

Operation Workflows

Troubleshooting Flow (Typical)

1. Clarify symptoms → worker name/time range/error type
2. query_worker_observability to pull logs/metrics
3. If build-related → workers_builds_get_build_logs
4. If page-related → get_url_screenshot to reproduce
5. Trace changes → auditlogs_by_account_id
6. Summarize: root cause + evidence + fix recommendations

Resource Management Flow

1. accounts_list → set_active_account
2. List resources (kv_namespaces_list / r2_buckets_list / d1_databases_list)
3. Plan changes → present to user
4. Execute after confirmation
5. Verify: audit logs + observability shows no errors

Output Format

  • Language: English
  • Structure: Conclusion → Key data/evidence → Tool call summary → Next steps
  • Write operations: Must clearly list operations to be executed and impact scope

Example output:

✅ Investigation complete: worker `api-gateway` experienced 5xx spike between 18:00-18:30

Root cause: New code deployed threw TypeError when processing /v2/users
Evidence:
- Logs: 18:02 first occurrence of "Cannot read property 'id' of undefined"
- Audit: 18:00 user dev@example.com deployed new version
- Metrics: error_rate jumped from 0.1% to 12%

Recommendation: Roll back to previous version, or fix /v2/users handler

Error Handling

SituationAction
Account not setRun accounts_listset_active_account first
Resource doesn't existVerify ID/name is correct, list available resources
Insufficient permissionsExplain required permissions, suggest checking API token scope
Observability query too longSplit into smaller time ranges, ask more specific questions

Scenario Examples

See scenarios.md for 20 real-world development scenarios.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

review-seo-audit

No summary provided by upstream source.

Repository SourceNeeds Review
39-heyvhuang
General

tool-openclaw

No summary provided by upstream source.

Repository SourceNeeds Review
52-heyvhuang
General

mcp-supabase

No summary provided by upstream source.

Repository SourceNeeds Review
47-heyvhuang
General

stripe

No summary provided by upstream source.

Repository SourceNeeds Review
44-heyvhuang