Cloudflare

· #352 most-used

The global edge platform your agents can manage in plain English

StorageAnalyticsDeveloperSecurityAutomation

Cloudflare is the connectivity cloud that sits in front of every internet property you own — routing traffic, absorbing DDoS attacks, enforcing WAF rules, running edge Workers, and storing data in R2 and KV across 300+ cities. Connect it to Actionist and your agents can manage DNS records, purge caches, deploy Workers, audit SSL certificates, and react to security events without anyone opening the Cloudflare dashboard.

Try Cloudflare with Actionist Visit Cloudflare

Average time saved

10 hours

per person · per month

≈ 1 workdays back

Eliminates manual work. Eliminates manual dashboard work for DNS updates, cache purges, certificate audits, and WAF rule adjustments that previously required direct Cloudflare logins.

Schedule

What your Cloudflare agent runs on autopilot

A week of scheduled jobs your Actionist agent will execute on your behalf.

28Scheduled jobs

7Agents at work

24/7Always on

Agents

Wed–Fri

Wed

Thu

Fri

10a

11a

12p

Multi-app workflows

Cloudflare × every other app you use

End-to-end automations that span multiple apps — each one a real business outcome.

6Workflows

9Apps spanned

~12 hrsSaved / week

6Personas served

For customer success

Featured4 apps

SSL expiry → support ticket closed in 90 seconds

When a customer emails about a certificate warning on their custom domain, your agent reads the zone certificate in Cloudflare, checks the expiry and status, purges any stale cached responses, and drops a Google Calendar reminder 30 days before the next expiry — all while posting a Slack update to the CSM team confirming the issue is handled. What used to mean a 30-minute back-and-forth between support and engineering becomes a 90-second resolved ticket.

~5 hrs

Time saved for your team — every week, on autopilot

The flow

Trigger·When an inbound Gmail message reports a browser certificate warning on a customer's Cloudflare-proxied domain

Trigger

Step 1

Gmail

Detect inbound certificate warning report

read

Step 2

Cloudflare

Get zone certificate for the affected domain

write

Step 3

Cloudflare

Purge cache for the affected origin paths

write

Step 4

Slack

Post resolution summary to #customer-success channel

write

Step 5

Google Calendar

Create 30-day pre-expiry renewal reminder

Result

Purge cache for the affected origin pathsPost resolution summary to #customer-success channelCreate 30-day pre-expiry renewal reminder

The win

Saved per run

25 min

Runs / week

~12×

Certificate issues resolved before the customer escalates

Driven byCustomer Support Agent

ROI

Savings

What your team gets back — two angles: what you stop doing manually, and what that's worth.

Without Actionist

What you do manually today

With Actionist

What your agent runs for you

Sales
18 min / week
Custom subdomain provisioning
Sales ops logs into Cloudflare and manually creates a CNAME for each new enterprise customer's custom domain after deal close — taking 15–20 minutes and often delayed by 24 hours.
Sales Agent
0 min
Agent creates the subdomain on deal close
The moment a deal is marked won, the agent creates the CNAME in Cloudflare and logs it to the deal tracker — customer's URL is live before the celebration ends.
Marketing
13 min / week
Cache purge before campaign launch
Marketing requests a cache purge from engineering each time a campaign goes live — a back-and-forth that takes 10–20 minutes and occasionally launches campaigns on stale content.
Marketing Agent
0 min
Agent purges cache on campaign activation
The agent purges all campaign landing-page URLs in Cloudflare the moment the campaign goes active in HubSpot — fresh content guaranteed, zero engineering ticket needed.
Customer Support
18 min / week
Certificate warning investigation
Support manually escalates SSL complaints to engineering, who logs into Cloudflare to check certificate status and expiry — a 30-minute round trip per ticket.
Customer Support Agent
0 min
Agent reads cert and posts resolution instantly
When a customer reports a cert warning, the agent reads the Cloudflare certificate, confirms expiry, and posts the resolution to the CSM team — ticket closed in under two minutes.
Human Resources
7 min / week
New-hire DNS access briefing
HR manually compiles a list of domains and zones for new engineering hires' onboarding documentation — pulling this from the Cloudflare dashboard takes 15–20 minutes per cohort.
Human Resources Agent
0 min
Agent lists zones and emails domain inventory
The agent lists all Cloudflare zones and formats them into an onboarding reference email — sent automatically when a new engineering hire is added to the roster.
Finance
13 min / week
Monthly bandwidth cost audit
Finance pulls Cloudflare usage manually from the dashboard each month and cross-references it against the CDN budget line — a 20–30 minute exercise that often flags overruns too late.
Finance Agent
0 min
Agent monitors bandwidth and alerts in real time
The agent watches zone analytics and notifies finance the moment bandwidth crosses 80% of the monthly budget — cost overruns get an owner before the invoice arrives.
Operations
25 min / week
Weekly DNS orphan cleanup
Ops manually reviews DNS records across all zones to find CNAMEs pointing at decommissioned services — a tedious 30–40 minute spreadsheet exercise done inconsistently.
Operations Agent
0 min
Agent lists, cross-checks, and deletes orphans
Each week the agent lists all DNS records, cross-references them against active services, and deletes confirmed orphans — the zone is clean before the next deploy window.
Legal
6 min / week
Certificate compliance evidence collection
Legal manually exports certificate details from Cloudflare for each zone in audit scope — gathering issuer, expiry, and serial number across a dozen zones takes 10–15 minutes.
Legal Agent
0 min
Agent collects cert data and logs it automatically
Each time a certificate renews, the agent writes the serial number, issuer, and expiry to the compliance tracker — audit evidence collected without any legal team action.

+ 100s of other Cloudflare automations

Average monthly

10 hrs / person / month

Average monthly

10 hrs / person / month

Calculator

Calculate what your team saves

Team size

10 person

Hourly rate

$20 / hr

Hours saved / week

Hours saved / year

1,250

Annual ROI

$25,000

Based on Cloudflare's typical team usage — the visible tasks plus a few other automations the agent runs: ~2.5 hrs / person / week of admin work automated.

Connect

How to plug Cloudflare into Actionist

Pick the connection method that suits your environment.

The fastest path to Cloudflare's full surface: Cloudflare's official MCP server exposes DNS, WAF, Workers, R2, KV, and cache operations through a permissioned OAuth handshake — no API token to rotate, no dashboard to open.

Open the Apps tab

Find Cloudflare in the Apps library and click Connect. MCP is selected by default.

Authorise in Cloudflare

You'll be redirected to Cloudflare's OAuth consent screen. Sign in with your Cloudflare account and grant Actionist access to the zones and services you want the agent to manage.

Test the connection

Actionist runs a read-only call to verify the handshake. You're ready.

Actions

15 action your agent can call

Read and write operations available to your Actionist agent.

Triggers

7 event your agent can react to

Events your agent watches for, and the actions it kicks off in response.

Skills

Skills that pair with Cloudflare

Reusable agent skills that work well alongside this app.

C.R.A.B Deploy Agent

Orchestrates full-stack deployments through Build, Test, GitHub, and Cloudflare Pages stages with a human-approval gate at each step.

Scrapling Official Skill

Scrapes web pages with built-in Cloudflare Turnstile bypass, stealth headless browsing, and adaptive scraping for anti-bot protected sites.

Stealth Browser

Automates browser sessions with Cloudflare bypass, CAPTCHA solving, and persistent anti-detection profiles for web automation that evades bot detection.

MCP servers

MCP servers that work with Cloudflare

Connect Actionist to MCP servers built for or around this app.

mcp

Official

Cloudflare's official MCP server exposing the full range of Cloudflare services through a permissioned OAuth connection.

cloudflare/mcp-server-cloudflare

Open-source Cloudflare MCP integration covering Workers, KV, R2, and D1 database operations.

MCP Cloudflare

Official

Focused MCP server for Cloudflare DNS management, Transform Rules, and Page Rule automation.

FAQs

Questions about Cloudflare + Actionist

How do I connect Cloudflare to Actionist?

Open the Apps tab, find Cloudflare, and click Connect. The recommended path is MCP — Cloudflare's official MCP server handles the OAuth handshake, so no API token is required. If you prefer token-based access (for CI/CD environments or shared accounts), choose API Token and paste a scoped token from Cloudflare's My Profile → API Tokens page.

What permissions does my Cloudflare API token need?

Scope your token to exactly the operations Actionist will perform — for example, Zone:Read + DNS:Edit + Cache Purge for DNS and cache workflows. Avoid using the Global API Key; a scoped token limits blast radius if the credential is ever exposed. Cloudflare's token creator lets you restrict by zone and permission type simultaneously.

Which Cloudflare resources can the agent manage?

With MCP, agents can read and write DNS records, manage zone SSL certificates, purge cache (full zone or specific URLs), update WAF custom rules, deploy Workers scripts, list and create page rules, and read zone analytics. Coverage expands as Cloudflare's official MCP server adds new tools — check the MCP server changelog for the current surface.

How does the agent handle Cloudflare API rate limits?

Cloudflare's REST API enforces per-zone rate limits — typically 1,200 requests per five minutes for most endpoints. Actionist batches read operations and spaces writes when processing multiple zones in bulk. If your workflows sweep across dozens of zones simultaneously, stagger them across schedule windows rather than triggering all at once to avoid 429 errors.

Can agents run scheduled Cloudflare tasks, like weekly DNS audits?

Yes. Actionist's scheduler lets you run any Cloudflare workflow on a cron-style cadence — for example, listing all DNS records every Sunday night, fetching zone analytics every Monday morning, or checking certificate expiry on the first of each month. The agent runs without any human trigger and posts results to your chosen destination.

Will cache purge actions affect my visitors while they're active?

A cache purge causes Cloudflare to serve the next request for each purged URL directly from your origin server rather than from the edge cache. That single uncached request is slightly slower than a cache hit, but subsequent requests are cached again immediately. Purging a single URL or a small set of paths has negligible user impact; full-zone purges on high-traffic domains should be timed for low-traffic periods.

Can I use Cloudflare Workers deployment actions in a CI/CD pipeline?

Yes — the Deploy Worker script action works well as a post-merge step. Trigger it from a GitHub Actions webhook or a calendar deploy window event, have the agent read zone analytics first to confirm baseline traffic is normal, then deploy. The agent can log the deployment to a changelog and alert your team on success or failure — giving you a lightweight deployment pipeline without a separate CI tool.

How do I disconnect Cloudflare or rotate the API token?

To disconnect, go to the Apps tab, find Cloudflare, and click Disconnect. For MCP connections, this revokes Actionist's OAuth access in Cloudflare. For API token connections, revoke the token in Cloudflare's My Profile → API Tokens page first, then reconnect with a new token — any in-flight agent tasks that require Cloudflare will fail gracefully and surface an auth error rather than silently skipping.