Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

seaworld008/cloudflare-troubleshooting

Name: cloudflare-troubleshooting
Author: seaworld008

openclaw-skills/cloudflare-troubleshooting/SKILL.md

npx skillsauth add seaworld008/commonly-used-high-value-skills cloudflare-troubleshooting

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Cloudflare Troubleshooting

Core Principle

Investigate with evidence, not assumptions. Always query Cloudflare API to examine actual configuration before diagnosing issues. The skill's value is the systematic investigation methodology, not predetermined solutions.

Investigation Methodology

1. Gather Credentials

Request from user:

Domain name
Cloudflare account email
Cloudflare Global API Key (or API Token)

Global API Key location: Cloudflare Dashboard → My Profile → API Tokens → View Global API Key

2. Get Zone Information

First step for any Cloudflare troubleshooting - obtain the zone ID:

curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=<domain>" \
  -H "X-Auth-Email: <email>" \
  -H "X-Auth-Key: <api_key>" | jq '.'

Extract zone_id from result[0].id for subsequent API calls.

3. Investigate Systematically

For each issue, gather evidence before making conclusions. Use Cloudflare API to inspect:

Current configuration state
Recent changes (if audit log available)
Related settings that might interact

Common Investigation Patterns

Redirect Loops (ERR_TOO_MANY_REDIRECTS)

Evidence gathering sequence:

Check SSL/TLS mode:

curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/settings/ssl" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

Look for: result.value - tells current SSL mode

Check Always Use HTTPS setting:

curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/settings/always_use_https" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

Check Page Rules for redirects:

curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/pagerules" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

Look for: forwarding_url or always_use_https actions

Test origin server directly (if possible):

curl -I -H "Host: <domain>" https://<origin_ip>

Diagnosis logic:

SSL mode "flexible" + origin enforces HTTPS = redirect loop
Multiple redirect rules can conflict
Check browser vs curl behavior differences

Fix:

curl -X PATCH "https://api.cloudflare.com/client/v4/zones/{zone_id}/settings/ssl" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key" \
  -H "Content-Type: application/json" \
  --data '{"value":"full"}'

Purge cache after fix:

curl -X POST "https://api.cloudflare.com/client/v4/zones/{zone_id}/purge_cache" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key" \
  -d '{"purge_everything":true}'

DNS Issues

Evidence gathering:

List DNS records:

curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

Check external DNS resolution:
```
dig <domain>
dig @8.8.8.8 <domain>
```

Check DNSSEC status:

curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/dnssec" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

Look for:

Missing A/AAAA/CNAME records
Incorrect proxy status (proxied vs DNS-only)
TTL values
Conflicting records

SSL Certificate Errors

Evidence gathering:

Check SSL certificate status:

curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/ssl/certificate_packs" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

Check origin certificate (if using Full Strict):

openssl s_client -connect <origin_ip>:443 -servername <domain>

Check SSL settings:
- Minimum TLS version
- TLS 1.3 status
- Opportunistic Encryption

Common issues:

Error 526: SSL mode is "strict" but origin cert invalid
Error 525: SSL handshake failure at origin
Provisioning delay: Wait 15-30 minutes for Universal SSL

Origin Server Errors (502/503/504)

Evidence gathering:

Check if origin is reachable:

curl -I -H "Host: <domain>" https://<origin_ip>

Check DNS records point to correct origin:

curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

Review load balancer config (if applicable):

curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/load_balancers" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

Check firewall rules:

curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/firewall/rules" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

Learning New APIs

When encountering issues not covered above, consult Cloudflare API documentation:

Browse API reference: https://developers.cloudflare.com/api/
Search for relevant endpoints using issue keywords
Check API schema to understand available operations
Test with GET requests first to understand data structure
Make changes with PATCH/POST after confirming approach

Pattern for exploring new APIs:

# List available settings for a zone
curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/settings" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

API Reference Overview

Consult references/api_overview.md for:

Common endpoints organized by category
Request/response schemas
Authentication patterns
Rate limits and error handling

Consult references/ssl_modes.md for:

Detailed SSL/TLS mode explanations
Platform compatibility
Security implications

Consult references/common_issues.md for:

Issue patterns and symptoms
Investigation checklists
Platform-specific notes

Best Practices

Evidence-Based Investigation

Query before assuming - Use API to check actual state
Gather multiple data points - Cross-reference settings
Check related configurations - Settings often interact
Verify externally - Use dig/curl to confirm
Test incrementally - One change at a time

API Usage

Parse JSON responses - Use jq or python for readability
Check success field - "success": true/false in responses
Handle errors gracefully - Read errors array in responses
Respect rate limits - Cloudflare API has limits
Use appropriate methods:
- GET: Retrieve information
- PATCH: Update settings
- POST: Create resources / trigger actions
- DELETE: Remove resources

Making Changes

Gather evidence first - Understand current state
Identify root cause - Don't guess
Apply targeted fix - Change only what's needed
Purge cache if needed - Especially for SSL/redirect changes
Verify fix - Re-query API to confirm
Inform user of wait times:
- Edge server propagation: 30-60 seconds
- DNS propagation: Up to 48 hours
- Browser cache: Requires manual clear

Security

Never log API keys in output
Warn if user shares credentials in public context
Recommend API Tokens with scoped permissions over Global API Key
Use read-only operations for investigation

Workflow Template

1. Gather: domain, email, API key
2. Get zone_id via zones API
3. Investigate:
   - Query relevant APIs for evidence
   - Check multiple related settings
   - Verify with external tools (dig, curl)
4. Analyze evidence to determine root cause
5. Apply fix via appropriate API endpoint
6. Purge cache if configuration change affects delivery
7. Verify fix via API query and external testing
8. Inform user of resolution and any required actions

Example: Complete Investigation

When user reports "site shows ERR_TOO_MANY_REDIRECTS":

# 1. Get zone ID
curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=example.com" \
  -H "X-Auth-Email: [email protected]" \
  -H "X-Auth-Key: abc123" | jq '.result[0].id'

# 2. Check SSL mode (primary suspect for redirect loops)
curl -s -X GET "https://api.cloudflare.com/client/v4/zones/ZONE_ID/settings/ssl" \
  -H "X-Auth-Email: [email protected]" \
  -H "X-Auth-Key: abc123" | jq '.result.value'

# If returns "flexible" and origin is GitHub Pages/Netlify/Vercel:

# 3. Fix by changing to "full"
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/ZONE_ID/settings/ssl" \
  -H "X-Auth-Email: [email protected]" \
  -H "X-Auth-Key: abc123" \
  -H "Content-Type: application/json" \
  --data '{"value":"full"}'

# 4. Purge cache
curl -X POST "https://api.cloudflare.com/client/v4/zones/ZONE_ID/purge_cache" \
  -H "X-Auth-Email: [email protected]" \
  -H "X-Auth-Key: abc123" \
  -d '{"purge_everything":true}'

# 5. Inform user: Wait 60 seconds, clear browser cache, retry

When Scripts Are Useful

The bundled scripts (scripts/check_cloudflare_config.py, scripts/fix_ssl_mode.py) serve as:

Reference implementations of investigation patterns
Quick diagnostic tools when Python is available
Examples of programmatic API usage

However, prefer direct API calls via Bash/curl for flexibility and transparency. Scripts should not limit capability - use them when convenient, but use raw API calls when needed for:

Unfamiliar scenarios
Edge cases
Learning/debugging
Operations not covered by scripts

The investigation methodology and API knowledge is the core skill, not the scripts.

seaworld008/cloudflare-troubleshooting

openclaw-skills/cloudflare-troubleshooting/SKILL.md

Investigate and resolve Cloudflare configuration issues using API-driven evidence gathering. Use when troubleshooting ERR_TOO_MANY_REDIRECTS, SSL errors, DNS issues, or any Cloudflare-related problems. Focus on systematic investigation using Cloudflare API to examine actual configuration rather than making assumptions.

25 stars

development

Updated May 6, 2026

$ install --global

skillsauth

npx skillsauth add seaworld008/commonly-used-high-value-skills cloudflare-troubleshooting

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 6, 2026, 5:21 AM175.6s6 files scanned

SKILL.md

name:: cloudflare-troubleshooting
description:: Investigate and resolve Cloudflare configuration issues using API-driven evidence gathering. Use when troubleshooting ERR_TOO_MANY_REDIRECTS, SSL errors, DNS issues, or any Cloudflare-related problems. Focus on systematic investigation using Cloudflare API to examine actual configuration rather than making assumptions.
version:: 1.0.0
author:: seaworld008
source:: in-house
tags:: ["cloudflare", "devops", "sre", "troubleshooting"]
created_at:: 2026-03-04
updated_at:: 2026-03-20
quality:: 5
complexity:: intermediate

Cloudflare Troubleshooting

Core Principle

Investigation Methodology

1. Gather Credentials

Request from user:

Domain name
Cloudflare account email
Cloudflare Global API Key (or API Token)

Global API Key location: Cloudflare Dashboard → My Profile → API Tokens → View Global API Key

2. Get Zone Information

First step for any Cloudflare troubleshooting - obtain the zone ID:

curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=<domain>" \
  -H "X-Auth-Email: <email>" \
  -H "X-Auth-Key: <api_key>" | jq '.'

Extract zone_id from result[0].id for subsequent API calls.

3. Investigate Systematically

For each issue, gather evidence before making conclusions. Use Cloudflare API to inspect:

Current configuration state
Recent changes (if audit log available)
Related settings that might interact

Common Investigation Patterns

Redirect Loops (ERR_TOO_MANY_REDIRECTS)

Evidence gathering sequence:

Check SSL/TLS mode:

curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/settings/ssl" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

Look for: result.value - tells current SSL mode

Check Always Use HTTPS setting:

curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/settings/always_use_https" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

Check Page Rules for redirects:

curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/pagerules" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

Look for: forwarding_url or always_use_https actions

Test origin server directly (if possible):

curl -I -H "Host: <domain>" https://<origin_ip>

Diagnosis logic:

SSL mode "flexible" + origin enforces HTTPS = redirect loop
Multiple redirect rules can conflict
Check browser vs curl behavior differences

Fix:

curl -X PATCH "https://api.cloudflare.com/client/v4/zones/{zone_id}/settings/ssl" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key" \
  -H "Content-Type: application/json" \
  --data '{"value":"full"}'

Purge cache after fix:

curl -X POST "https://api.cloudflare.com/client/v4/zones/{zone_id}/purge_cache" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key" \
  -d '{"purge_everything":true}'

DNS Issues

Evidence gathering:

List DNS records:

curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

Check external DNS resolution:
```
dig <domain>
dig @8.8.8.8 <domain>
```

Check DNSSEC status:

curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/dnssec" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

Look for:

Missing A/AAAA/CNAME records
Incorrect proxy status (proxied vs DNS-only)
TTL values
Conflicting records

SSL Certificate Errors

Evidence gathering:

Check SSL certificate status:

curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/ssl/certificate_packs" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

Check origin certificate (if using Full Strict):

openssl s_client -connect <origin_ip>:443 -servername <domain>

Check SSL settings:
- Minimum TLS version
- TLS 1.3 status
- Opportunistic Encryption

Common issues:

Error 526: SSL mode is "strict" but origin cert invalid
Error 525: SSL handshake failure at origin
Provisioning delay: Wait 15-30 minutes for Universal SSL

Origin Server Errors (502/503/504)

Evidence gathering:

Check if origin is reachable:

curl -I -H "Host: <domain>" https://<origin_ip>

Check DNS records point to correct origin:

curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

Review load balancer config (if applicable):

curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/load_balancers" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

Check firewall rules:

curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/firewall/rules" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

Learning New APIs

When encountering issues not covered above, consult Cloudflare API documentation:

Browse API reference: https://developers.cloudflare.com/api/
Search for relevant endpoints using issue keywords
Check API schema to understand available operations
Test with GET requests first to understand data structure
Make changes with PATCH/POST after confirming approach

Pattern for exploring new APIs:

# List available settings for a zone
curl -X GET "https://api.cloudflare.com/client/v4/zones/{zone_id}/settings" \
  -H "X-Auth-Email: email" \
  -H "X-Auth-Key: key"

API Reference Overview

Consult references/api_overview.md for:

Common endpoints organized by category
Request/response schemas
Authentication patterns
Rate limits and error handling

Consult references/ssl_modes.md for:

Detailed SSL/TLS mode explanations
Platform compatibility
Security implications

Consult references/common_issues.md for:

Issue patterns and symptoms
Investigation checklists
Platform-specific notes

Best Practices

Evidence-Based Investigation

Query before assuming - Use API to check actual state
Gather multiple data points - Cross-reference settings
Check related configurations - Settings often interact
Verify externally - Use dig/curl to confirm
Test incrementally - One change at a time

API Usage

Parse JSON responses - Use jq or python for readability
Check success field - "success": true/false in responses
Handle errors gracefully - Read errors array in responses
Respect rate limits - Cloudflare API has limits
Use appropriate methods:
- GET: Retrieve information
- PATCH: Update settings
- POST: Create resources / trigger actions
- DELETE: Remove resources

Making Changes

Gather evidence first - Understand current state
Identify root cause - Don't guess
Apply targeted fix - Change only what's needed
Purge cache if needed - Especially for SSL/redirect changes
Verify fix - Re-query API to confirm
Inform user of wait times:
- Edge server propagation: 30-60 seconds
- DNS propagation: Up to 48 hours
- Browser cache: Requires manual clear

Security

Never log API keys in output
Warn if user shares credentials in public context
Recommend API Tokens with scoped permissions over Global API Key
Use read-only operations for investigation

Workflow Template

1. Gather: domain, email, API key
2. Get zone_id via zones API
3. Investigate:
   - Query relevant APIs for evidence
   - Check multiple related settings
   - Verify with external tools (dig, curl)
4. Analyze evidence to determine root cause
5. Apply fix via appropriate API endpoint
6. Purge cache if configuration change affects delivery
7. Verify fix via API query and external testing
8. Inform user of resolution and any required actions

Example: Complete Investigation

When user reports "site shows ERR_TOO_MANY_REDIRECTS":

# 1. Get zone ID
curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=example.com" \
  -H "X-Auth-Email: [email protected]" \
  -H "X-Auth-Key: abc123" | jq '.result[0].id'

# 2. Check SSL mode (primary suspect for redirect loops)
curl -s -X GET "https://api.cloudflare.com/client/v4/zones/ZONE_ID/settings/ssl" \
  -H "X-Auth-Email: [email protected]" \
  -H "X-Auth-Key: abc123" | jq '.result.value'

# If returns "flexible" and origin is GitHub Pages/Netlify/Vercel:

# 3. Fix by changing to "full"
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/ZONE_ID/settings/ssl" \
  -H "X-Auth-Email: [email protected]" \
  -H "X-Auth-Key: abc123" \
  -H "Content-Type: application/json" \
  --data '{"value":"full"}'

# 4. Purge cache
curl -X POST "https://api.cloudflare.com/client/v4/zones/ZONE_ID/purge_cache" \
  -H "X-Auth-Email: [email protected]" \
  -H "X-Auth-Key: abc123" \
  -d '{"purge_everything":true}'

# 5. Inform user: Wait 60 seconds, clear browser cache, retry

When Scripts Are Useful

The bundled scripts (scripts/check_cloudflare_config.py, scripts/fix_ssl_mode.py) serve as:

Reference implementations of investigation patterns
Quick diagnostic tools when Python is available
Examples of programmatic API usage

However, prefer direct API calls via Bash/curl for flexibility and transparency. Scripts should not limit capability - use them when convenient, but use raw API calls when needed for:

Unfamiliar scenarios
Edge cases
Learning/debugging
Operations not covered by scripts

The investigation methodology and API knowledge is the core skill, not the scripts.

Related Skills

seaworld008/lark-wiki

development

VerifiedTrustedCommunity

飞书知识库：管理知识空间、空间成员和文档节点。创建和查询知识空间、查看和管理空间成员、管理节点层级结构、在知识库中组织文档和快捷方式。当用户需要在知识库中查找或创建文档、浏览知识空间结构、查看或管理空间成员、移动或复制节点时使用。当用户给出 doubao.com 的 /wiki/ URL/token 时，也应直接使用本 skill，不要因为域名不是飞书而回退到 WebFetch；路由依据是 URL 路径模式和 token，而不是域名。

34SKILL.mdUpdated Jun 4, 2026

seaworld008/lark-wiki

seaworld008/lark-whiteboard

tools

VerifiedTrustedCommunity

飞书画板：查询和编辑飞书云文档中的画板。支持导出画板为预览图片、导出原始节点结构、使用 DSL（转成 OpenAPI 格式）、PlantUML/Mermaid 格式更新画板内容。当用户需要查看画板内容、导出画板图片、编辑画板，或是需要可视化表达架构、流程、组织关系、时间线、因果、对比等结构化信息时使用此 skill，无论是否提及\"画板\"。 ⚠️ 原 `lark-whiteboard-cli` skill 已合并至本 skill，若 skill 列表中同时存在 `lark-whiteboard-cli`，请忽略它，统一使用本 skill（`lark-whiteboard`），并提示用户运行 `npx skills remove lark-whiteboard-cli -g` 删除旧 skill。

34SKILL.mdUpdated Jun 4, 2026

seaworld008/lark-whiteboard

seaworld008/lark-vc

testing

VerifiedTrustedCommunity

飞书视频会议：搜索历史会议、查询会议纪要产物（总结、待办、章节、逐字稿）、查询会议参会人快照。1. 查询已经结束的会议数量或详情时使用本技能（如历史日期｜昨天｜上周｜今天已经开过的会议等场景），查询未开始的会议日程使用 lark-calendar 技能。2. 支持通过关键词、时间范围、组织者、参与者、会议室等筛选条件搜索会议。3. 获取或整理会议纪要、逐字稿、录制产物时使用本技能。4. 查询“谁参加过某会议”“参会人列表”等参会人快照信息用 vc meeting get --with-participants（任意时点可查，含已结束会议）。注意：**Agent 真实入会/离会、感知正在进行中会议的实时事件**请使用 lark-vc-agent 技能，本技能不覆盖写操作和会中事件流。

34SKILL.mdUpdated Jun 4, 2026

seaworld008/lark-vc-agent

data-ai

VerifiedTrustedCommunity

飞书会议机器人入会、离会和会中事件读取。

34SKILL.mdUpdated Jun 4, 2026

seaworld008/lark-vc-agent

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/seaworld008/commonly-used-high-value-skills.git

# Copy into Claude Code skills folder (global)
cp -r commonly-used-high-value-skills/openclaw-skills/cloudflare-troubleshooting ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

seaworld008/commonly-used-high-value-skills

25 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT