cfshare

Use the cfshare CLI to expose local ports/files as temporary Cloudflare Quick Tunnel URLs. Trigger when a user needs a temporary public URL for a local service, needs to share files/directories from terminal, or needs to inspect/export cfshare audit and policy state.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "cfshare" with this command: npx skills add ystemsrx/cfshare

CFShare CLI Skill

cfshare wraps Cloudflare Quick Tunnel and outputs structured JSON.

Install when version checks fail

If either command fails, install missing binaries before running any cfshare tool.

cfshare --version
cloudflared --version
  1. If cfshare --version fails, install cfshare (requires Node.js and npm):
npm install -g @ystemsrx/cfshare
  1. If cloudflared --version fails, install cloudflared by platform:

macOS:

brew install cloudflare/cloudflare/cloudflared

Debian/Ubuntu:

curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflared.list
sudo apt-get update && sudo apt-get install -y cloudflared

Windows (PowerShell):

winget install --id Cloudflare.cloudflared

WSL/Linux generic binary install:

curl -fsSL https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o /usr/local/bin/cloudflared
sudo chmod +x /usr/local/bin/cloudflared
  1. Re-run both version checks. If still failing, stop and report exact stderr output to user.

CLI contract

cfshare <tool> [params-json] [options]

Supported tools:

  • env_check
  • expose_port
  • expose_files
  • exposure_list
  • exposure_get
  • exposure_stop
  • exposure_logs
  • maintenance
  • audit_query
  • audit_export

Global options:

  • --params '<json>' or --params-file <path>
  • --config '<json>' or --config-file <path>
  • --workspace-dir <dir> (only used by expose_files)
  • --keep-alive (for expose_*, keep foreground process alive)
  • --no-keep-alive (default for expose_*, print result then exit)
  • --compact

Command names accept _ and - (for example expose-port == expose_port).

Standard workflow for agents

  1. Run env_check first.
  2. Create exposure with expose_port or expose_files.
  3. Return public_url and expires_at to user immediately.
  4. By default, expose_* prints result and exits.
  5. Use --keep-alive only when foreground lifecycle control is needed; stop with Ctrl+C when done.

Recommended for stable automation:

  • Prefer --params/--params-file over positional raw JSON to reduce quoting errors.
  • Prefer access: "token" for sensitive content.
  • Treat access: "none" as publicly readable by anyone with link.

Tool usage

1) env_check

cfshare env_check

Returns:

  • cloudflared.ok/path/version
  • defaults (effective policy + runtime paths)
  • warnings

2) expose_port

cfshare expose_port --params '{"port":3000,"opts":{"access":"token","ttl_seconds":3600}}'

Params:

  • port: 1..65535
  • opts.ttl_seconds
  • opts.access: token | basic | none
  • opts.protect_origin: default access != "none"
  • opts.allowlist_paths: path prefix allowlist for reverse proxy

Returns:

  • id
  • public_url (token mode auto-appends ?token=...)
  • local_url
  • expires_at
  • access_info (secrets are masked)

3) expose_files

cfshare expose_files --params '{"paths":["./dist"],"opts":{"mode":"normal","presentation":"preview","access":"none"}}'

Params:

  • paths: files/directories to copy into temp workspace
  • opts.mode: normal | zip (default normal)
  • opts.presentation: download | preview | raw (default download)
  • opts.ttl_seconds
  • opts.access: token | basic | none
  • opts.max_downloads: auto-stop after threshold

File Serving Behavior:

Mode: normal

  • Single file → served directly at the root URL.
  • Multiple files or a directory → displayed in an intuitive file explorer interface.

Mode: zip

  • All files are packaged into a ZIP archive.

Presentation:

  • Default behaviors: download | preview | raw
  • Behavior can be overridden via query parameters.
    • download → forces browser file save.
    • preview → renders inline (images, PDF, Markdown, audio/video, HTML, text, etc.).
    • raw → serves original content without any wrapper.
  • If a file type is not previewable, preview automatically falls back to raw, then to download.

Returns:

  • id, public_url, expires_at, mode, presentation
  • manifest, manifest_mode, manifest_meta

4) exposure_list

cfshare exposure_list

Lists tracked sessions with id/type/status/public_url/local_url/expires_at.

5) exposure_get

cfshare exposure_get --params '{"id":"port_xxx","opts":{"probe_public":true}}'
cfshare exposure_get --params '{"filter":{"status":"running"},"fields":["id","status","public_url"]}'

Supports selector by id, ids, or filter. Can probe public reachability via opts.probe_public.

6) exposure_stop

cfshare exposure_stop --params '{"id":"all"}'

Stops tunnel/proxy/origin and removes temporary workspace. Returns {stopped, failed, cleaned}.

7) exposure_logs

cfshare exposure_logs --params '{"id":"files_xxx","opts":{"component":"all","lines":200}}'

component: tunnel | origin | all.

8) maintenance

cfshare maintenance --params '{"action":"run_gc"}'
cfshare maintenance --params '{"action":"set_policy","opts":{"policy":{"maxTtlSeconds":7200},"ignore_patterns":["*.pem",".env*"]}}'

Actions:

  • start_guard
  • run_gc
  • set_policy (requires opts.policy or opts.ignore_patterns)

9) audit_query

cfshare audit_query --params '{"filters":{"event":"exposure_started","limit":100}}'

10) audit_export

cfshare audit_export --params '{"range":{"from_ts":"2026-01-01T00:00:00Z","output_path":"./audit.jsonl"}}'

Runtime files (CLI mode)

Default CLI state directory is ~/.cfshare:

  • policy.json
  • policy.ignore
  • audit.jsonl
  • sessions.json
  • workspaces/
  • exports/

Important limitations in CLI mode

  • expose_port and expose_files exit by default after printing result; use --keep-alive to hold foreground.
  • Current session registry is in-process memory; separate cfshare invocations do not restore full live session state.
  • basic mode credentials are masked in outputs, so token is usually the practical authenticated mode for agent-delivered links.

Troubleshooting

  • cloudflared binary not found: install cloudflared or set --config '{"cloudflaredPath":"..."}'
  • local service is not reachable on 127.0.0.1:<port>: start service first
  • path blocked by ignore policy: adjust policy.ignore or maintenance set_policy
  • port blocked by policy: update blockedPorts in policy if intentional

Use CFSHARE_LOG_LEVEL=info or CFSHARE_LOG_LEVEL=debug for more stderr logs.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

run.dev — Local Dev Environment Manager

Local dev environment manager. Process management, automatic HTTPS domains, SSL certificates, reverse proxy, and AI crash diagnosis — single binary, zero con...

Registry SourceRecently Updated
1950danieltamas
Coding

ifly-image-understanding

iFlytek Image Understanding (图片理解) — analyze and answer questions about images using Spark Vision model. WebSocket API, pure Python stdlib, no pip dependencies.

Registry SourceRecently Updated
1950qingzhe2020
Coding

Civic Google

Use gog (Google CLI) without manual OAuth setup — Civic handles token management automatically

Registry SourceRecently Updated
2000Profile unavailable
Coding

Agent Browser.Skip

A fast Rust-based headless browser automation CLI with Node.js fallback that enables AI agents to navigate, click, type, and snapshot pages via structured co...

Registry SourceRecently Updated
2000Profile unavailable