RonanCodes/cloudflare-dns
skills/cloudflare-dns/SKILL.md
Manage Cloudflare DNS records via the API — add, update, or delete subdomains (A, AAAA, CNAME, TXT, MX). Use when user wants to add a subdomain, point a DNS record, create/update/delete DNS entries on Cloudflare, or set up a custom domain for a hosted app (Fly, Vercel, Render, etc.).
development
Updated Apr 23, 2026
$ install --global
skillsauthnpx skillsauth add RonanCodes/ronan-skills cloudflare-dnsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 1:00 AM13.3s1 file scanned
SKILL.md
- name:
- cloudflare-dns
- description:
- Manage Cloudflare DNS records via the API — add, update, or delete subdomains (A, AAAA, CNAME, TXT, MX). Use when user wants to add a subdomain, point a DNS record, create/update/delete DNS entries on Cloudflare, or set up a custom domain for a hosted app (Fly, Vercel, Render, etc.).
- category:
- deployment
- argument-hint:
- <subcommand> [args]
- allowed-tools:
- Bash(curl *) Bash(jq *) Read Write Edit
Cloudflare DNS
Manage DNS records on Cloudflare via the API v4. Typical use: pointing a subdomain at a Fly.io / Vercel / Render hostname.
Usage
/ro:cloudflare-dns add api.myapp.com CNAME myapp.fly.dev --proxied
/ro:cloudflare-dns list myapp.com
/ro:cloudflare-dns update <record-id> <zone-id> --content new-target.fly.dev
/ro:cloudflare-dns delete api.myapp.com
Process
1. Load credentials
Check in order for CLOUDFLARE_API_TOKEN (required) and optionally CLOUDFLARE_ZONE_ID, CLOUDFLARE_ACCOUNT_ID:
${CLAUDE_PLUGIN_DATA}/.env(preferred — plugin-wide, survives updates)~/.config/ro/.env- Project root
.env - Shell env var
Expected shape:
CLOUDFLARE_API_TOKEN=... # required
CLOUDFLARE_ZONE_ID=... # optional: skips lookup in step 2
CLOUDFLARE_ACCOUNT_ID=... # optional: needed for tunnels/workers
If token missing: direct user to https://dash.cloudflare.com/profile/api-tokens → Create Token → template "Edit zone DNS" (scopes: Zone:DNS:Edit, Zone:Zone:Read; add Tunnel:Edit if you also plan to use tunnels). Save:
mkdir -p "$CLAUDE_PLUGIN_DATA" && chmod 700 "$CLAUDE_PLUGIN_DATA"
cat >> "$CLAUDE_PLUGIN_DATA/.env" <<'EOF'
CLOUDFLARE_API_TOKEN=...
CLOUDFLARE_ZONE_ID=...
CLOUDFLARE_ACCOUNT_ID=...
EOF
chmod 600 "$CLAUDE_PLUGIN_DATA/.env"
2. Resolve zone ID
If CLOUDFLARE_ZONE_ID is already in the env and matches the apex of the record you're editing, skip the lookup. Otherwise resolve it:
ZONE_ID=$(curl -s "https://api.cloudflare.com/client/v4/zones?name=myapp.com" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" | jq -r '.result[0].id')
Quick sanity check when using the env zone ID:
curl -s "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" | jq -r '.result.name'
If null: the domain isn't on Cloudflare or the token lacks Zone:Zone:Read. Stop and tell the user.
3. Perform the operation
Base URL: https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records
Add (POST):
curl -s -X POST "$BASE" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{"type":"CNAME","name":"api","content":"myapp.fly.dev","ttl":1,"proxied":true}'
ttl: 1= autoproxied: true= orange cloud (Cloudflare in front). Usefalsefor Fly.io custom domains that need direct TLS termination on Fly.
List (GET): curl -s "$BASE?name=api.myapp.com" -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" — returns record id + current values.
Update (PATCH $BASE/<record_id>): send only changed fields.
Delete (DELETE $BASE/<record_id>): always confirm with the user first — deleting DNS can drop production traffic.
4. Verify
After a write, re-fetch the record and show the user the final name, type, content, proxied, ttl. Mention propagation: Cloudflare is fast (~seconds) but downstream resolvers may cache for up to TTL.
Fly.io custom domain recipe
When chaining with /ro:fly-deploy:
flyctl certs create api.myapp.com -a <app>→ fly returns required DNS records- Add the acme challenge CNAME (usually
_acme-challenge.api.myapp.com→<app>.fly.dev) withproxied: false - Add the main
api.myapp.comrecord as either:- CNAME →
<app>.fly.dev(proxied: false — let Fly terminate TLS), OR - A/AAAA → fly shared IPs from
flyctl ips list -a <app>(proxied: true OK)
- CNAME →
flyctl certs show api.myapp.com -a <app>— wait forIssuedstatus
Error handling
- 401/403: Token invalid or missing
Zone:DNS:Editscope errors[].code: 81057: Record already exists — list first, then PATCH instead of POSTerrors[].code: 1004: Bad DNS content (e.g. CNAME pointing to raw IP)success: false: Surface theerrors[]array verbatim to the user
Safety
- Never delete records without explicit user confirmation
- For prod zones, show the existing record value before overwriting
- Never log the
CLOUDFLARE_API_TOKENvalue
Related Skills
RonanCodes/linear-update
development
VerifiedTrustedCommunity
Close the loop on a Linear ticket when its work ships - move the status and post a deploy comment with the PR link, what shipped, and a try-it link, mentioning the collaborator. Used as the tail of /ro:linear-nightshift for every merged mirror, or manually after an ad-hoc build. Triggers on "linear update", "update the linear ticket", "mark NUT-x done", "tell eoin it shipped", "/ro:linear-update".
SKILL.mdUpdated Jun 12, 2026
RonanCodes/linear-nightshift
devops
VerifiedTrustedCommunity
Run a night-shift against a collaborator's Linear board. Pulls the team's Grilled tickets (/ro:linear-grill moves a ticket to Grilled once its questions are answered), VERIFIES the questions were actually answered (unanswered → bounce the ticket to the "Question for <name>" state), mirrors verified tickets to ephemeral GitHub issues with ready-for-agent, then runs the standard /ro:night-shift machinery on GitHub. Tail-calls /ro:linear-update for everything that merged + deployed. Triggers on "linear nightshift", "nightshift linear", "drain the linear board", "run the shift off linear", "/ro:linear-nightshift".
SKILL.mdUpdated Jun 12, 2026
RonanCodes/linear-grill
development
VerifiedTrustedCommunity
Grill a collaborator's Linear tickets and move every processed ticket to where it belongs. Resolves the board from the repo's .ro-linear.json, reads the collaborator's Backlog / Ready-for-agent issues, then per ticket either posts 3-5 decision-extracting questions (state moves to "Question for <name>") or confirms it build-ready (state moves to "Grilled", the gate /ro:linear-nightshift consumes); shipped-and-confirmed tickets close as Done. The async-collaborator counterpart of /ro:day-shift for people who never touch GitHub. Triggers on "grill linear", "grill eoin's tickets", "linear grill", "add questions to the linear tickets", "/ro:linear-grill".
SKILL.mdUpdated Jun 12, 2026
RonanCodes/skills/about-page
development
VerifiedTrustedCommunity
--- name: about-page description: Add a standard About page to any web app, what it is, the tech stack, and an FAQ, wired into a footer link with a sticky footer. Built with Spartan + Tailwind (the canonical component layer) and falls back to semantic HTML so it ships reliably. Use whenever building, polishing, or shipping an app, every app should have one. Triggers on "add an about page", "about page", "footer about link", or as a standard step in app build/polish. category: frontend argument-h
SKILL.mdUpdated Jun 9, 2026