cloudflare-traffic-investigator
Installation
SKILL.md
Investigating Traffic on Cloudflare-Protected Domains
Inputs
Raw arguments: $ARGUMENTS
Infer from the arguments:
- DOMAIN: Cloudflare-protected domain to investigate
- ZONE_ID: Cloudflare zone ID for the domain
- TIME_RANGE: (optional) time range to investigate, in current agent's local timezone (detect via system clock)
- SINCE: (optional) UTC ISO8601 start of analysis window. When provided, takes precedence over TIME_RANGE for all GraphQL queries.
- UNTIL: (optional) UTC ISO8601 end of analysis window. When provided, takes precedence over TIME_RANGE for all GraphQL queries.
- TZ_DISPLAY: (optional) Timezone abbreviation for report display (e.g. the output of
date +"%Z"on the calling machine). When provided, use this as the pinned timezone instead of detecting via system clock in Step 1.
If domain or zone ID cannot be inferred, ask the user via AskUserQuestion. Time range is collected in Step 1 if neither TIME_RANGE nor SINCE/UNTIL are provided.
Investigate unusual traffic patterns on Cloudflare-protected domains that cause downstream service failures (e.g., service overload, database saturation, API rate limiting). This skill walks through a structured investigation from confirming the spike through to a full incident report.