SkillRepo
Sign InSign Up
Catalog
openai/cloudflare-deploy

openai

cloudflare-deploy

Deploy applications and infrastructure to Cloudflare using Workers, Pages, and related platform services. Use when the user asks to deploy, host, publish, or set up a project on Cloudflare.

global
0installs0uses~1.8k
v1.0Saved Apr 5, 2026

Cloudflare Deploy

Consolidated skill for building on the Cloudflare platform. Use decision trees below to find the right product, then load detailed references.

Prerequisites

  • When sandboxing blocks the deployment network calls, rerun with sandbox_permissions=require_escalated.
  • The deployment might take a few minutes. Use appropriate timeout values.

Authentication (Required Before Deploy)

Verify auth before wrangler deploy, wrangler pages deploy, or npm run deploy:

npx wrangler whoami    # Shows account if authenticated

Not authenticated? → references/wrangler/auth.md

  • Interactive/local: wrangler login (one-time OAuth)
  • CI/CD: Set CLOUDFLARE_API_TOKEN env var

Quick Decision Trees

"I need to run code"

Need to run code?
├─ Serverless functions at the edge → workers/
├─ Full-stack web app with Git deploys → pages/
├─ Stateful coordination/real-time → durable-objects/
├─ Long-running multi-step jobs → workflows/
├─ Run containers → containers/
├─ Multi-tenant (customers deploy code) → workers-for-platforms/
├─ Scheduled tasks (cron) → cron-triggers/
├─ Lightweight edge logic (modify HTTP) → snippets/
├─ Process Worker execution events (logs/observability) → tail-workers/
└─ Optimize latency to backend infrastructure → smart-placement/

"I need to store data"

Need storage?
├─ Key-value (config, sessions, cache) → kv/
├─ Relational SQL → d1/ (SQLite) or hyperdrive/ (existing Postgres/MySQL)
├─ Object/file storage (S3-compatible) → r2/
├─ Message queue (async processing) → queues/
├─ Vector embeddings (AI/semantic search) → vectorize/
├─ Strongly-consistent per-entity state → durable-objects/ (DO storage)
├─ Secrets management → secrets-store/
├─ Streaming ETL to R2 → pipelines/
└─ Persistent cache (long-term retention) → cache-reserve/

"I need AI/ML"

Need AI?
├─ Run inference (LLMs, embeddings, images) → workers-ai/
├─ Vector database for RAG/search → vectorize/
├─ Build stateful AI agents → agents-sdk/
├─ Gateway for any AI provider (caching, routing) → ai-gateway/
└─ AI-powered search widget → ai-search/

"I need networking/connectivity"

Need networking?
├─ Expose local service to internet → tunnel/
├─ TCP/UDP proxy (non-HTTP) → spectrum/
├─ WebRTC TURN server → turn/
├─ Private network connectivity → network-interconnect/
├─ Optimize routing → argo-smart-routing/
├─ Optimize latency to backend (not user) → smart-placement/
└─ Real-time video/audio → realtimekit/ or realtime-sfu/

"I need security"

Need security?
├─ Web Application Firewall → waf/
├─ DDoS protection → ddos/
├─ Bot detection/management → bot-management/
├─ API protection → api-shield/
├─ CAPTCHA alternative → turnstile/
└─ Credential leak detection → waf/ (managed ruleset)

"I need media/content"

Need media?
├─ Image optimization/transformation → images/
├─ Video streaming/encoding → stream/
├─ Browser automation/screenshots → browser-rendering/
└─ Third-party script management → zaraz/

"I need infrastructure-as-code"

Need IaC? → pulumi/ (Pulumi), terraform/ (Terraform), or api/ (REST API)

Product Index

Compute & Runtime

Product Reference
Workers references/workers/
Pages references/pages/
Pages Functions references/pages-functions/
Durable Objects references/durable-objects/
Workflows references/workflows/
Containers references/containers/
Workers for Platforms references/workers-for-platforms/
Cron Triggers references/cron-triggers/
Tail Workers references/tail-workers/
Snippets references/snippets/
Smart Placement references/smart-placement/

Storage & Data

Product Reference
KV references/kv/
D1 references/d1/
R2 references/r2/
Queues references/queues/
Hyperdrive references/hyperdrive/
DO Storage references/do-storage/
Secrets Store references/secrets-store/
Pipelines references/pipelines/
R2 Data Catalog references/r2-data-catalog/
R2 SQL references/r2-sql/

AI & Machine Learning

Product Reference
Workers AI references/workers-ai/
Vectorize references/vectorize/
Agents SDK references/agents-sdk/
AI Gateway references/ai-gateway/
AI Search references/ai-search/

Networking & Connectivity

Product Reference
Tunnel references/tunnel/
Spectrum references/spectrum/
TURN references/turn/
Network Interconnect references/network-interconnect/
Argo Smart Routing references/argo-smart-routing/
Workers VPC references/workers-vpc/

Security

Product Reference
WAF references/waf/
DDoS Protection references/ddos/
Bot Management references/bot-management/
API Shield references/api-shield/
Turnstile references/turnstile/

Media & Content

Product Reference
Images references/images/
Stream references/stream/
Browser Rendering references/browser-rendering/
Zaraz references/zaraz/

Real-Time Communication

Product Reference
RealtimeKit references/realtimekit/
Realtime SFU references/realtime-sfu/

Developer Tools

Product Reference
Wrangler references/wrangler/
Miniflare references/miniflare/
C3 references/c3/
Observability references/observability/
Analytics Engine references/analytics-engine/
Web Analytics references/web-analytics/
Sandbox references/sandbox/
Workerd references/workerd/
Workers Playground references/workers-playground/

Infrastructure as Code

Product Reference
Pulumi references/pulumi/
Terraform references/terraform/
API references/api/

Other Services

Product Reference
Email Routing references/email-routing/
Email Workers references/email-workers/
Static Assets references/static-assets/
Bindings references/bindings/
Cache Reserve references/cache-reserve/

Troubleshooting

Escalated Network Access

If deployment fails due to network issues (timeouts, DNS errors, connection resets), rerun the deploy with escalated permissions (use sandbox_permissions=require_escalated). The deploy requires escalated network access when sandbox networking blocks outbound requests.

Example guidance to the user:

The deploy needs escalated network access to deploy to Cloudflare. I can rerun the command with escalated permissions—want me to proceed?
Files311
311 files · 1.3 MB

Select a file to preview

Grade adjusted by static analysis guardrails

AI scored this skill as grade B, but static analysis findings capped it to C:

  • Hardcoded credentials or secrets detected in content (max: C)
  • Pipe-to-shell pattern (curl/wget piped to sh/bash) (max: B)
  • Recursive deletion pattern (rm -rf) (max: B)
  • SSH key or credentials file access (max: B)

Overall Score

78/100

Grade

C

Adequate

Safety

82

Quality

82

Clarity

81

Completeness

70

Summary

This is a comprehensive Cloudflare platform skill that acts as a deployment router and decision guide. It directs users to 70+ product-specific reference documents covering compute (Workers, Pages, Durable Objects), storage (KV, R2, D1), AI/ML (Workers AI, Vectorize, Agents SDK), networking (Tunnel, Spectrum, Smart Routing), security (WAF, Bot Management, API Shield), and developer tools. The skill provides decision trees to match user intent to the right Cloudflare product, then cross-references detailed technical guides.

Static Analysis Findings

10 findings

Patterns detected by deterministic static analysis before AI scoring. Hover over any finding code for detailed information and remediation guidance.

Remote Code Execution
SEC-031Script Download

Dynamic script download for execution

references/sandbox/patterns.mdcurl -fsSL https://code-server.dev/install.sh
70% confidenceCWE-494: Download of Code Without Integrity Check
Credential Exposure
SEC-020Direct .env File Access150x in 58 files

Direct .env file access

references/ai-gateway/sdk-integration.md.env6x
references/agents-sdk/configuration.md.env
references/ai-gateway/configuration.md.env
85% confidenceCWE-538: Sensitive Info in Externally-Accessible File
SEC-021Hardcoded API Key or Token5x in 5 filesMax: C

Hardcoded API key or token pattern

references/bindings/patterns.mdapiKey = 'sk_live_abc123
references/miniflare/configuration.mdSECRET_KEY: "my-secret-value
references/pages/configuration.mdSECRET_KEY="local-secret-key
95% confidenceCWE-798: Hard-coded CredentialsOWASP: Hard-coded Passwords
SEC-022SSH/Credentials File Access2x in 1 fileMax: B

SSH key or credentials file access

references/tunnel/patterns.mdcredentials.json2x
90% confidenceCWE-522: Insufficiently Protected Credentials
SEC-023Plaintext Password or Secret2x in 2 filesMax: C

Password or secret in plaintext

references/turn/gotchas.mdsecret = 'your-turn-key-secret
references/turnstile/configuration.mdsecret: 'YOUR_SECRET_KEY
85% confidenceCWE-256: Plaintext Storage of a Password
Data Exfiltration
SEC-040Outbound Data Transmission3x in 2 files

Outbound data transmission (curl POST/PUT with data)

references/workers-for-platforms/configuration.mdcurl -X PUT ".../tags" -d
references/workflows/api.mdcurl -X POST "https://api.cloudflare.com/client/v4/accounts/{account_id}/workflows/{workflow_name}/instances" -H "Author...curl -X POST "https://api.cloudflare.com/client/v4/accounts/{account_id}/workflows/{workflow_name}/instances/{instance_i...2x
70% confidenceCWE-200: Exposure of Sensitive Information
Command Injection
SEC-010Pipe-to-ShellMax: B

Pipe-to-shell pattern (curl/wget piped to sh/bash)

references/sandbox/patterns.mdcurl -fsSL https://code-server.dev/install.sh | sh
100% confidenceCWE-78: OS Command InjectionOWASP: Command Injection
Destructive Operation
SEC-002Privilege Escalation2x in 1 file

Privilege escalation (sudo)

references/tunnel/patterns.mdsudo csudo l2x
90% confidenceCWE-269: Improper Privilege Management
SEC-001Recursive DeletionMax: B

Recursive deletion pattern (rm -rf)

references/wrangler/gotchas.mdrm -rf
100% confidenceCWE-379: Unrestricted File Deletion
Network Access
SEC-060Outbound Network Request8x in 8 files

Outbound network request (curl/wget/fetch)

references/ai-gateway/sdk-integration.mdcurl https://
references/ai-gateway/configuration.mdcurl https://
references/ai-search/api.mdcurl https://
50% confidenceCWE-918: Server-Side Request Forgery (SSRF)

Detected Capabilities

decision tree routing (compute, storage, ai, networking, security)product index and cross-referencingquick start guidance and authentication flowstroubleshooting escalation (sandbox permissions, network access)product capability mapping and selection logic

Trigger Keywords

Phrases that MCP clients use to match this skill to user intent.

deploy cloudflarechoose cloudflare productcloudflare workers or pagesconfigure cloudflare serviceset up ai on cloudflarecloudflare storage optionscloudflare networkingcloudflare security

Risk Signals

INFO

Extensive .env file references across 100+ files (SEC-020)

multiple reference files
INFO

Hardcoded API key examples (SEC-021)

references/bindings/patterns.md, references/miniflare/configuration.md, references/pages/configuration.md, references/pages-functions/configuration.md, references/realtimekit/README.md, references/turnstile/configuration.md
INFO

Network requests documented (SEC-060)

multiple reference files (curl examples, API integration docs)
WARNING

Pipe-to-shell pattern (SEC-010)

references/sandbox/patterns.md - `curl -fsSL https://code-server.dev/install.sh | sh`
INFO

Privilege escalation with sudo (SEC-002)

references/tunnel/patterns.md
INFO

Credentials file access (SEC-022)

references/tunnel/patterns.md - credentials.json references
INFO

Recursive deletion rm -rf (SEC-001)

references/wrangler/gotchas.md
INFO

curl POST with data to external URL (SEC-040)

references/workers-for-platforms/configuration.md, references/workflows/api.md

Referenced Domains

External domains referenced in skill content, detected by static analysis.

${accountid}.r2.cloudflarestorage.com${cloudflare_worker_domain.api.hostname}${env.account_id}.r2.cloudflarestorage.com...127.0.0.18080-sandbox-abc123def456.yourdomain.comabc123.r2.cloudflarestorage.comanalytics.example.comany-hostapiapi.cloudflare.comapi.comapi.example.comapi.honeycomb.ioapi.partner.comapi.prod.comapp.example.comassets.localauth-worker.example.comauth.example.combatchblog.cloudflare.comcdn.example.comcdn.jsdelivr.netchallenges.cloudflare.comchallenges.cloudflare.com;cloud.google.comcloudflareinsights.com;code-server.devcommunity.cloudflare.comcontainercrontab.gurudash.cloudflare.comdatatracker.ietf.orgdemo.orange.cloudflare.devdeploy.workers.cloudflare.comdevelopers.cloudflare.comdiscord.cloudflare.comdiscord.comdiscord.ggdodocs.realtime.cloudflare.comesm.shexample.comfakefake-hostfiles.example.comfoo.example.comforms.glegateway.ai.cloudflare.comgithub.comhooks.example.comiceberg.apache.orgignored.hostimagedelivery.netlocalhostlog.example.comlogging.example.comlogs.example.commcp.example.comminiflare.devmonitoring.example.commyapp.example.comowasp.orgproducer.example.workers.devpub-${hashid}.r2.devpy.iceberg.apache.orgraw.githubusercontent.comregistry.terraform.ioreports.example.comrtc.livertc.live.cloudflare.comstaging-api.example.comstatic.cloudflareinsights.comstatic.cloudflareinsights.com;track.example.comweb.devwebhook.siteworkers.cloudflare.comwww.apache.orgwww.npmjs.comwww.pulumi.comxyour-worker.workers.devyourdomain.com{stream-id}.ingest.cloudflare.com

Use Cases

  • choosing right cloudflare product for deployment task
  • navigating cloudflare platform documentation structure
  • understanding when to use workers vs pages vs durable objects
  • finding configuration examples for specific cloudflare service
  • routing user to detailed api/pattern/troubleshooting guides

Quality Notes

  • ✅ Comprehensive product coverage (70+ services) with clear hierarchical organization
  • ✅ Multiple entry points via decision trees for different user intents (compute, storage, AI, networking, security)
  • ✅ Clear reading order guidance within each product (README → configuration → api → patterns → gotchas)
  • ✅ Consistent cross-referencing between related products (e.g., workers ↔ bindings ↔ kv)
  • ✅ Product selection guidance (decision trees answering 'when to use X vs Y')
  • ✅ Well-structured content with clear headings, tables, and code examples
  • ⚠️ Skill itself is primarily a navigation/routing guide, not implementation instructions - relies heavily on referenced files for actual technical content
  • ⚠️ Some product references may be out of date (references beta products, deprecated APIs) - maintenance burden high with 70+ reference files
  • ✅ Escalation guidance for network/sandbox issues documented clearly
  • ✅ Authentication section up-front establishes prerequisites before deployment suggestions
Model: claude-haiku-4-5-20251001Analyzed: Apr 5, 2026

Reviews

Add this skill to your library to leave a review.

No reviews yet

Be the first to share your experience.

Add openai/cloudflare-deploy to your library

Get Started Free

Command Palette

Search for a command to run...