PluginBench
Skill
Fail
Audit score 45

cloudflare-tunnel

vm0-ai/vm0-skills

How to install cloudflare-tunnel

npx skills add https://github.com/vm0-ai/vm0-skills --skill cloudflare-tunnel
Claude Code
Cursor
Windsurf
Cline
Full instructions (SKILL.md)

Source of truth, from vm0-ai/vm0-skills.


name: cloudflare-tunnel description: Cloudflare Tunnel API for secure tunnels. Use when user mentions "Cloudflare tunnel", "argo tunnel", or secure connectivity.

Usage

Basic curl Request

Add two headers to authenticate through Cloudflare Access:

curl -s \
  -H "CF-Access-Client-Id: $CF_ACCESS_CLIENT_ID" \
  -H "CF-Access-Client-Secret: $CF_ACCESS_CLIENT_SECRET" \
  "https://your-protected-service.example.com/api/endpoint"

With Additional Authentication

Many services require both Cloudflare Access AND their own authentication:

curl -s \
  -H "CF-Access-Client-Id: $CF_ACCESS_CLIENT_ID" \
  -H "CF-Access-Client-Secret: $CF_ACCESS_CLIENT_SECRET" \
  -H "Authorization: Bearer $API_TOKEN" \
  "https://your-protected-service.example.com/api/endpoint"

With Basic Auth

curl -s \
  -H "CF-Access-Client-Id: $CF_ACCESS_CLIENT_ID" \
  -H "CF-Access-Client-Secret: $CF_ACCESS_CLIENT_SECRET" \
  -u "username:password" \
  "https://your-protected-service.example.com/api/endpoint"

POST Request with JSON Body

Write to /tmp/request.json:

{
  "key": "value"
}

Then run:

curl -s -X POST \
  -H "CF-Access-Client-Id: $CF_ACCESS_CLIENT_ID" \
  -H "CF-Access-Client-Secret: $CF_ACCESS_CLIENT_SECRET" \
  -H "Content-Type: application/json" \
  -d @/tmp/request.json \
  "https://your-protected-service.example.com/api/endpoint"

Download File

curl -s -o /tmp/output.file \
  -H "CF-Access-Client-Id: $CF_ACCESS_CLIENT_ID" \
  -H "CF-Access-Client-Secret: $CF_ACCESS_CLIENT_SECRET" \
  "https://your-protected-service.example.com/file"

Skip SSL Verification (Self-signed certs)

Add -k flag for services with self-signed certificates:

curl -k -s \
  -H "CF-Access-Client-Id: $CF_ACCESS_CLIENT_ID" \
  -H "CF-Access-Client-Secret: $CF_ACCESS_CLIENT_SECRET" \
  "https://your-protected-service.example.com/api/endpoint"

Required Headers

HeaderValueDescription
CF-Access-Client-Id<client-id>.accessService Token Client ID
CF-Access-Client-Secret<secret>Service Token Client Secret

Common Errors

ErrorCauseSolution
403 ForbiddenInvalid or missing headersCheck Client ID and Secret
403 ForbiddenToken not in Access policyAdd token to application's Access policy
401 UnauthorizedService's own auth failedCheck service-specific credentials
Connection refusedTunnel not runningVerify cloudflared is running

Tips

  1. Header order doesn't matter - CF headers can be anywhere in the request
  2. Works with any HTTP method - GET, POST, PUT, DELETE, etc.
  3. Combine with other auth - CF Access + Basic Auth, Bearer Token, etc.
  4. Token rotation - Rotate secrets periodically in Zero Trust dashboard

API Reference