一键在 Manus 中运行任何 Skill

cloudflare-tunnel-api

Use this skill for Cloudflare Tunnel and DNS automation via Cloudflare API. Use when users ask to create/manage cloudflared tunnels, bind a subdomain to a tunnel, fetch tunnel tokens, create proxied DNS records, or troubleshoot Cloudflare Tunnel routing/cert issues. Trigger keywords: Cloudflare/CF/cloudflared/Tunnel/Argo Tunnel/CF_API_TOKEN/ACCOUNT_ID/ZONE_ID.

在 Manus 中运行

概览

安装命令

npx skills add https://github.com/priority3/dotfiles --skill cloudflare-tunnel-api

复制此命令并粘贴到 Claude Code 中以安装该技能

来源

priority3/dotfiles

星标0

分支0

更新时间2026年4月2日 09:01

文件资源管理器

3 个文件

SKILL.md

readonly

同仓库更多 Skills

同仓库

fanqie-author-api

priority3/dotfiles

适用于番茄作者后台 API 与草稿工作流。基于当前工作区的 fanqie/api-doc.md、scripts/fanqie-api.ts、scripts/fanqie-autosave.ts 执行书籍列表/卷列表/卷名修改、草稿列表/已发布章节列表查询、章节统计查询、草稿新建与覆盖保存、保存历史，并按“项目级 .env.local 仅作上下文缓存、~/.ssh/fanqie/*.env 保存私密认证”的分层约定工作。触发词：番茄/Fanqie/番茄作者后台/草稿保存/cover_article/new_article/draft_list/chapter_list/stats/chapter_list_v1/章节统计/跟读率/读完率/流失率/volume_list/volume_modify/modify_volume/改卷名/book_list/book_detail/publish_article/add_volume。

2026-03-250

novel-writing-skill

priority3/dotfiles

为长篇小说提供写作 skill：正文续写/补写/改写/扩写、卷纲与设定整理、质量审查（OOC/设定冲突/战力崩坏/节奏拖沓）、以及当前状态卡、伏笔池、微粒账本维护。触发词包括续写、改写、扩写、卷纲、设定、当前状态、pending_hooks、particle_ledger、写作自检、章节清算、历史考据、联网核验。

2026-03-230

gemini-share-reader

priority3/dotfiles

Read Gemini shared conversation links and extract the rendered chat into structured text. Use when users provide `https://gemini.google.com/share/*` or `https://g.co/gemini/share/*` and ask to read, summarize, archive, migrate, or analyze the shared conversation content.

2026-03-190

west-cn-api

priority3/dotfiles

Use this skill for any task involving 西部数码 (West.cn) API operations: domain management, DNS resolution, server management, virtual hosting, SSL certificates, enterprise email, finance/billing, and other West.cn platform services. Trigger keywords: 西部数码/west.cn/域名/domain/解析/DNS/服务器/server/虚拟主机/hosting/SSL/证书/邮箱/email/备案/ICP/余额/balance/续费/renew.

2026-03-010

aliyun-ecs-log-analyzer

priority3/dotfiles

Analyze Alibaba Cloud (Aliyun) ECS Linux server logs via SSH or Aliyun Cloud Assistant. Use for server-log triage and incident investigation: systemd/journalctl/syslog errors, nginx/apache access+error logs (4xx/5xx spikes like 502/504), SSH/auth logs (brute-force, suspicious IPs), Docker/container logs, and producing a concise report with likely causes + next actions. Triggers: 阿里云/ECS/云服务器/服务器日志/nginx access.log/error.log/journalctl/auth.log/secure/502/504/被攻击/爆量.

2026-02-280

tencent-cvm-log-analyzer

priority3/dotfiles

Analyze Tencent Cloud (腾讯云) CVM Linux server logs via SSH (key-pair) or Tencent Cloud Automation Tools (TAT/云助手) output. Use for server-log triage and incident investigation: systemd/journalctl/syslog errors, nginx/apache access+error logs (4xx/5xx spikes like 502/504), SSH/auth logs (brute-force, suspicious IPs), Docker/container logs, and produce a concise report with likely causes + next actions. Triggers: 腾讯云/CVM/云服务器/轻量应用服务器/服务器日志/nginx access.log/error.log/journalctl/auth.log/secure/502/504/被攻击/爆量.

2026-02-280

来源

priority3

priority3/dotfiles

打开 GitHub 仓库查看创作者相关仓库

安装命令

下载

在 Manus 中运行

适用职业SOC

软件开发工程师计算机与数学类职业15-1252L4

name	cloudflare-tunnel-api
description	Use this skill for Cloudflare Tunnel and DNS automation via Cloudflare API. Use when users ask to create/manage cloudflared tunnels, bind a subdomain to a tunnel, fetch tunnel tokens, create proxied DNS records, or troubleshoot Cloudflare Tunnel routing/cert issues. Trigger keywords: Cloudflare/CF/cloudflared/Tunnel/Argo Tunnel/CF_API_TOKEN/ACCOUNT_ID/ZONE_ID.

Cloudflare Tunnel API

Overview

Use this skill to set up Cloudflare Tunnel quickly with API-first commands and reproducible checks. Default objective: expose an origin service (for example http://127.0.0.1:8317) as https://${HOST}.${DOMAIN}.

This skill must stay sanitized for sharing:

Do not hardcode real tokens, account IDs, zone IDs, domains, or tunnel names.
Use placeholders and environment variables only.

Token Type Guard (must read first)

CF_API_TOKEN is a Cloudflare API token created from dashboard (My Profile -> API Tokens).
TUNNEL_TOKEN is returned by tunnel create API (result.token) and is only for cloudflared tunnel run --token ....
Do not use TUNNEL_TOKEN in Authorization: Bearer ... headers.
If /user/tokens/verify does not return success: true, stop and replace token before doing any API calls.

Required Inputs

CF_API_TOKEN (management API token, not tunnel run token)
ACCOUNT_ID
ZONE_ID
DOMAIN (example: example.com)
HOST (example: api)
ORIGIN_URL (example: http://127.0.0.1:8317)
TUNNEL_NAME (example: demo-tunnel)

If IDs are missing, read references/get-cloudflare-values.md.

Default Credential Location

Unless the user explicitly says otherwise, load Cloudflare management credentials from:

~/.ssh/cloudfare/cf.env

Expected keys in that file:

CF_API_TOKEN
ACCOUNT_ID
ZONE_ID

Recommended loading pattern:

set -a
[ -f "$HOME/.ssh/cloudfare/cf.env" ] && . "$HOME/.ssh/cloudfare/cf.env"
set +a

Behavior rules:

Prefer already-exported environment variables when present.
If any of CF_API_TOKEN, ACCOUNT_ID, or ZONE_ID is still missing after loading ~/.ssh/cloudfare/cf.env, stop and tell the user which key is absent.
Do not print token values back to the user.

Quick Verify

Verify token validity first:

set -a
[ -f "$HOME/.ssh/cloudfare/cf.env" ] && . "$HOME/.ssh/cloudfare/cf.env"
set +a

curl -sS "https://api.cloudflare.com/client/v4/user/tokens/verify" \
  -H "Authorization: Bearer ${CF_API_TOKEN}" | jq

Expected: success: true.

Optional check if you suspect you copied a tunnel run token by mistake:

python3 - <<'PY'
import base64, json, os
t = os.environ.get("CF_API_TOKEN", "")
try:
    j = json.loads(base64.b64decode(t + "==").decode())
    print("Looks like TUNNEL_TOKEN payload:", j.keys())
except Exception:
    print("Not tunnel-token payload format (this is normal for CF_API_TOKEN)")
PY

API Workflow (Remote-managed Tunnel)

1) Create tunnel

curl -sS "https://api.cloudflare.com/client/v4/accounts/${ACCOUNT_ID}/cfd_tunnel" \
  -X POST \
  -H "Authorization: Bearer ${CF_API_TOKEN}" \
  -H "Content-Type: application/json" \
  --data "{\"name\":\"${TUNNEL_NAME}\",\"config_src\":\"cloudflare\"}" | jq

Capture:

TUNNEL_ID from result.id
TUNNEL_TOKEN from result.token

2) Configure ingress (hostname -> origin)

curl -sS "https://api.cloudflare.com/client/v4/accounts/${ACCOUNT_ID}/cfd_tunnel/${TUNNEL_ID}/configurations" \
  -X PUT \
  -H "Authorization: Bearer ${CF_API_TOKEN}" \
  -H "Content-Type: application/json" \
  --data "{
    \"config\": {
      \"ingress\": [
        {\"hostname\": \"${HOST}.${DOMAIN}\", \"service\": \"${ORIGIN_URL}\", \"originRequest\": {}},
        {\"service\": \"http_status:404\"}
      ]
    }
  }" | jq

3) Create DNS record to tunnel

curl -sS "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/dns_records" \
  -X POST \
  -H "Authorization: Bearer ${CF_API_TOKEN}" \
  -H "Content-Type: application/json" \
  --data "{
    \"type\": \"CNAME\",
    \"name\": \"${HOST}.${DOMAIN}\",
    \"content\": \"${TUNNEL_ID}.cfargotunnel.com\",
    \"proxied\": true
  }" | jq

4) Run connector on server (Docker)

docker rm -f cloudflared-${HOST} 2>/dev/null || true
docker run -d \
  --name cloudflared-${HOST} \
  --restart unless-stopped \
  cloudflare/cloudflared:latest \
  tunnel --no-autoupdate run --token "${TUNNEL_TOKEN}"

Validation Checklist

DNS check:

curl -s "https://dns.google/resolve?name=${HOST}.${DOMAIN}&type=CNAME"

Tunnel logs:

docker logs --tail 100 cloudflared-${HOST}

Application check:

curl -I "https://${HOST}.${DOMAIN}"

Troubleshooting

403/blocked page on custom domain:
- Confirm hostname resolves to <TUNNEL_ID>.cfargotunnel.com (CNAME), not direct origin IP.
- Confirm CNAME is proxied in Cloudflare (proxied: true).
token invalid:
- Ensure token is CF_API_TOKEN (management token), not TUNNEL_TOKEN.
- Recreate token and verify with /user/tokens/verify.
connection refused to origin:
- Check ORIGIN_URL locally on server.
- Check firewall/security group and local bind address.
DNS record already exists:
- Use DNS record list endpoint, then PATCH/PUT record instead of POST create.

Minimum Token Permissions

For this workflow, token should include:

Account: Cloudflare Tunnel (Edit) or equivalent tunnel write permission
Zone: DNS (Edit)

References

Setup guide: https://developers.cloudflare.com/tunnel/setup/
Tunnel tokens: https://developers.cloudflare.com/tunnel/advanced/tunnel-tokens/
Find IDs: https://developers.cloudflare.com/fundamentals/account/find-account-and-zone-ids/
Create API token: https://developers.cloudflare.com/fundamentals/api/get-started/create-token/