cloudflare-guard
Configures and manages Cloudflare DNS, caching, security rules, rate limiting, and Workers
Why use this skill?
Manage Cloudflare DNS, caching, and WAF rules securely. This OpenClaw skill follows a strict planning protocol to prevent downtime during infrastructure changes.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/guifav/cloudflare-guardWhat This Skill Does
The cloudflare-guard skill acts as an autonomous infrastructure engineer, enabling OpenClaw to manage your Cloudflare edge configurations with surgical precision. It automates the complex lifecycle of DNS management, security rules, and caching policies, specifically optimized for applications hosted on Vercel. By strictly adhering to a mandatory planning protocol, the agent ensures that every modification—whether it is adding a CNAME for a new staging environment or tightening WAF security—is verified against the current infrastructure state before execution. It handles API authentication securely, ensuring your sensitive tokens are never persisted in local storage.
Installation
To integrate cloudflare-guard into your environment, run the following command in your terminal: clawhub install openclaw/skills/skills/guifav/cloudflare-guard
Ensure you have your CLOUDFLARE_API_TOKEN and CLOUDFLARE_ZONE_ID exported as environment variables in your OpenClaw session before executing any commands.
Use Cases
- Zero-Downtime Migration: Automatically update DNS records to point a custom domain to Vercel without manual intervention.
- Security Hardening: Rapidly apply or audit rate-limiting and WAF rules during active security threats or suspected DDoS attacks.
- Environment Sync: Maintain parity between production and staging DNS configurations by auditing and updating zone records across multiple zones.
- Performance Optimization: Adjust caching and edge rules to optimize content delivery based on specific traffic patterns observed on the Vercel edge.
Example Prompts
- "Check my current DNS records for my-domain.com and let me know if there are any conflicts before adding a new CNAME for my Vercel production deployment."
- "Audit our current Cloudflare security settings. Are there any rate-limiting rules that might be blocking legitimate traffic from our mobile app?"
- "Plan and execute a DNS update to point the 'api' subdomain to our new Vercel endpoint. Please verify propagation once done."
Tips & Limitations
- Safety First: The skill enforces a planning protocol. Never attempt to bypass this process, as DNS changes carry inherent downtime risks.
- Environment Awareness: The skill is designed for Vercel-specific deployments. If you are using different origin servers, review the payload templates for A and CNAME records before execution.
- Propagation: Always account for TTL and DNS propagation delays. The skill logs expected wait times; rely on these to avoid premature verification checks.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-guifav-cloudflare-guard": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: network-access, external-api
Related Skills
supabase-ops
Manages Supabase migrations, types generation, RLS policies, and edge functions
interop-forge
Integration architect for multi-app monorepos — shared contracts, API-first design with OpenAPI, cross-app auth, auto-generated SDKs, and full MCP server scaffolding per app
stack-scaffold
Scaffolds a full-stack project with Next.js App Router, Supabase, Firebase Auth, Vercel, and Cloudflare
firebase-auth-setup
Configures Firebase Authentication — providers, security rules, custom claims, and React auth hooks
gcp-fullstack
Full-stack super agent for projects on Google Cloud Platform with GitHub and Cloudflare — covers scaffolding, compute, database, auth, deploy, CDN, and security