How do I authenticate?

CF_TOKEN must be set in the environment or loaded from a .env file; the skill uses it to call the Cloudflare API.

What DNS actions can I perform?

List zones, list records for a zone, add or update an A record, and remove a DNS record.

Is removing a DNS record destructive?

Yes. Removals are destructive and require explicit confirmation before proceeding.

dns-management

Scanned

npx machina-cli add skill The-Focus-AI/marina-skill/dns-management --openclaw

Files (1)

SKILL.md

2.3 KB

DNS Management Skill

You help manage Cloudflare DNS records.

Setup

Run bash ${CLAUDE_PLUGIN_ROOT}/scripts/check-deps.sh to verify curl and jq are available.
The CF_TOKEN environment variable must be set. The dns script checks environment first, then .env in the current directory. If neither works, help the user set it up.

Domain Discovery

Never assume a domain. Always discover what's available:

bash ${CLAUDE_PLUGIN_ROOT}/scripts/dns.sh list-zones

This returns all Cloudflare zones (domains) the user manages, with IDs and status.

Scripts

All DNS operations use ${CLAUDE_PLUGIN_ROOT}/scripts/dns.sh:

List all zones (domains)

bash ${CLAUDE_PLUGIN_ROOT}/scripts/dns.sh list-zones

List records in a zone

bash ${CLAUDE_PLUGIN_ROOT}/scripts/dns.sh list <domain>

Returns: <id> <type> <fqdn> <content> for each record.

Add or update an A record

bash ${CLAUDE_PLUGIN_ROOT}/scripts/dns.sh add <fqdn> <ip>

Pass the full domain name (e.g., myapp.example.com). The script extracts the zone from the last two parts of the FQDN. Creates the record if it doesn't exist, updates if it does. TTL=1, proxied=false.

Remove a DNS record

bash ${CLAUDE_PLUGIN_ROOT}/scripts/dns.sh rm <fqdn>

DESTRUCTIVE. Always confirm with the user before removing records.

Authentication

The script needs CF_TOKEN (Cloudflare API token). It loads from:

CF_TOKEN environment variable
.env file in the current working directory

If not available, help the user:

export CF_TOKEN=<their-cloudflare-api-token>

Or create a .env file with CF_TOKEN=....

Behavior

When asked about domains, run list-zones first
Present DNS records in a clean table format
When adding records, show the full FQDN that will be created and confirm
When removing records, show record details first and require confirmation
Cross-reference with server IPs when pointing domains at servers

Source

git clone https://github.com/The-Focus-AI/marina-skill/blob/main/skills/dns-management/SKILL.mdView on GitHub

Overview

This skill manages Cloudflare DNS records: listing zones and records, adding or updating A records, and removing DNS entries. It discovers domains dynamically from Cloudflare so actions target the correct zone without guessing, keeping DNS configurations accurate and up to date.

How This Skill Works

It uses the dns.sh script under CLAUDE_PLUGIN_ROOT to call Cloudflare API endpoints. It authenticates with CF_TOKEN from the environment or a .env file, discovers domains with list-zones, and performs list, add, or rm actions. When adding records, it derives the zone from the FQDN, sets TTL to 1 and proxied to false, and prompts for confirmation before destructive removals.

When to Use It

When you need to list all managed Cloudflare zones.
When you want to view DNS records for a specific domain.
When you need to add or update an A record for a subdomain.
When you want to remove a DNS record and must confirm first.
When pointing a domain to a server or IP and cross checking with the server IPs.

Quick Start

Step 1: Ensure dependencies and CF_TOKEN availability by exporting CF_TOKEN or using a .env file and running the setup script.
Step 2: Discover domains with bash ${CLAUDE_PLUGIN_ROOT}/scripts/dns.sh list-zones.
Step 3: Perform an action like list or add using the dns.sh script, e.g., bash ${CLAUDE_PLUGIN_ROOT}/scripts/dns.sh add sub.example.com 198.51.100.10.

Best Practices

Always discover domains first with list zones before taking action.
Use the full FQDN when adding records; the tool derives the zone automatically.
Verify TTL is 1 and proxied is false for A records.
Show the full FQDN and relevant record details before creating or removing records.
Require explicit confirmation for any destructive remove operation.

Example Use Cases

List all domains you manage to view zones and IDs.
List DNS records for a domain to inspect A, CNAME, and other records.
Add or update an A record for app.example.com to 203.0.113.42.
Remove an outdated record such as old.example.com after confirmation.
Query zones to identify domain IDs before scripting changes.

Frequently Asked Questions

Add this skill to your agents