Cloudflare MCP Server — 23 Tools with Risk Policies

READ TOOLS

15

accounts_list List all Cloudflare accounts 2/5 d1_database_get Get D1 database details 2/5 d1_database_query Query a D1 database 3/5 d1_databases_list List all D1 databases 2/5 kv_namespace_get Get details of a KV namespace 2/5 kv_namespaces_list List all KV namespaces 2/5 observability_keys Find keys in Workers Observability data 2/5 observability_values Find values in Workers Observability data 2/5 query_worker_observability Query Workers Observability API 2/5 r2_bucket_get Get details of an R2 bucket 2/5 r2_buckets_list List R2 storage buckets 2/5 search_cloudflare_documentation Search Cloudflare documentation 2/5 workers_get_worker Get details of a Cloudflare Worker 2/5 workers_get_worker_code Get source code of a Cloudflare Worker 3/5 workers_list List Cloudflare Workers 2/5

WRITE TOOLS

5

d1_database_create Create a new D1 database 4/5 kv_namespace_create Create a new KV namespace 4/5 kv_namespace_update Update KV namespace title 2/5 r2_bucket_create Create a new R2 storage bucket 4/5 set_active_account Set active Cloudflare account 4/5

DESTRUCTIVE TOOLS

3

d1_database_delete Delete a D1 database 5/5 kv_namespace_delete Delete a KV namespace 5/5 r2_bucket_delete Delete an R2 storage bucket 5/5

// FAQ

How many tools does the Cloudflare MCP server have? +

The Cloudflare MCP server exposes 23 tools across 3 categories: Read, Write, Destructive.

How do I enforce policies on Cloudflare tools? +

Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the Cloudflare server.

What risk categories do Cloudflare tools fall into? +

Cloudflare tools are categorised as Read (15), Write (5), Destructive (3). Each category has a recommended default policy.

CLOUDFLARE TOOLS

READ TOOLS

WRITE TOOLS

DESTRUCTIVE TOOLS

Enforce policies on Cloudflare