| $ARGUMENTS[0] | Cloudflare-protected domain to investigate (e.g., example.com) | | $ARGUMENTS[1] | Cloudflare zone ID for the domain (e.g., abc123def456) | | $ARGUMENTS[2] | (optional) Time range to investigate (e.g., "2025-06-01 04:00-05:00 NZST", "today 9:00-10:00 AEDT"). In current agent's local timezone (detect via system clock), not UTC. |
If domain or zone ID is not provided, ask the user via AskUserQuestion. Time range is collected in Step 1 if not passed here.
Investigate unusual traffic patterns on Cloudflare-protected domains that cause downstream service failures (e.g., service overload, database saturation, API rate limiting). This skill walks through a structured investigation from confirming the spike through to a full incident report.
Investigate traffic anomalies, spikes, and service degradation on Cloudflare-protected domains. Uses Cloudflare MCP tools for GraphQL analytics, JA4 fingerprint analysis, bot/WAF security scoring, and incident reporting. Use this skill whenever traffic spikes, service overloads, 429 errors, circuit breaker events, Cloudflare analytics, or domain performance issues are mentioned — even if the user doesn't explicitly say "traffic spike". Also triggers when asked to check Cloudflare data for any domain. Source: delexw/claude-code-misc.