Cloudflare Tunnel

Access services behind Cloudflare Access with service tokens

Cloudflare Tunnel securely exposes local services to the internet. This skill enables your agent to authenticate and access services protected by Cloudflare Access using service tokens.

Required Environment

| Name | Type | Description |
| --- | --- | --- |
| CF_ACCESS_CLIENT_ID | secret | Cloudflare Access service token ID |
| CF_ACCESS_CLIENT_SECRET | secret | Cloudflare Access service token secret |

Create a service token in the Cloudflare Zero Trust Dashboard under Access > Service Auth > Service Tokens.

The client secret is only displayed once during token creation. Save it immediately.

Configuration

vm0.yaml
version: "1.0"

agents:
  my-agent:
    framework: claude-code
    skills:
      - https://github.com/vm0-ai/vm0-skills/tree/main/cloudflare-tunnel

Run

Store your secrets on the platform (recommended, one-time setup):

vm0 secret set CF_ACCESS_CLIENT_ID your-client-id
vm0 secret set CF_ACCESS_CLIENT_SECRET your-client-secret

Then run your agent - secrets are automatically loaded:

vm0 run my-agent "check the status of the internal API"

For CI/CD or temporary overrides, pass secrets at runtime: --secrets CF_ACCESS_CLIENT_SECRET=value. See Environment Variables for details.

Example Instructions

AGENTS.md
# Internal Service Monitor Agent

You use Cloudflare Tunnel to access internal services behind Cloudflare Access.

## Workflow

1. Authenticate with CF-Access-Client-Id and CF-Access-Client-Secret headers
2. Call the internal API health endpoint
3. Check response status and latency
4. Report any issues

## Authentication

- Include CF-Access-Client-Id header with $CF_ACCESS_CLIENT_ID
- Include CF-Access-Client-Secret header with $CF_ACCESS_CLIENT_SECRET
- Additional Bearer auth may be required for some services

AGENTS.md
# Deployment Trigger Agent

You use Cloudflare Tunnel to trigger deployments on internal infrastructure.

## Workflow

1. Authenticate through Cloudflare Access
2. Call the deployment API endpoint
3. Monitor deployment progress
4. Report completion status

## Rules

- Always verify authentication succeeds before proceeding
- Log all deployment trigger events
- Wait for deployment to reach a terminal state
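
The following is an added example, not part of the VM0 skill or the original page. It shows one way to implement the "Authenticate with CF-Access-Client-Id and CF-Access-Client-Secret headers" step and the "Always verify authentication succeeds before proceeding" rule. The function names, outcome labels, and the status codes treated as an Access rejection are assumptions.

```python
import os
import time
import urllib.error
import urllib.request
from urllib.parse import urlsplit


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx as HTTPError so the secret headers are never replayed to another host."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def access_headers(env=os.environ):
    """Build the two service-token headers; fail closed if either variable is unset."""
    try:
        return {"CF-Access-Client-Id": env["CF_ACCESS_CLIENT_ID"],
                "CF-Access-Client-Secret": env["CF_ACCESS_CLIENT_SECRET"]}
    except KeyError as missing:
        raise RuntimeError(f"missing environment variable {missing}") from None


def classify(status, location=""):
    """Map a response to an outcome. Assumption: a rejected or missing token shows up
    as 401/403 or as a redirect to a /cdn-cgi/access/ login URL."""
    redirected = 300 <= status < 400 and "/cdn-cgi/access/" in location
    if status in (401, 403) or redirected:
        return "access-denied"
    if 200 <= status < 300:
        return "ok"
    return "service-error"


def check(url, env=os.environ, timeout=10):
    """Probe one endpoint and return (outcome, status, latency_seconds)."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send the service token over non-HTTPS")
    req = urllib.request.Request(url, headers=access_headers(env))
    opener = urllib.request.build_opener(NoRedirect)
    start = time.monotonic()
    try:
        with opener.open(req, timeout=timeout) as resp:
            status, location = resp.status, ""
    except urllib.error.HTTPError as err:
        status, location = err.code, err.headers.get("Location", "")
    return classify(status, location), status, time.monotonic() - start
```

Only the outcome, status code, and latency are returned, so the values can be logged without exposing the client secret.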