ClawHub

Prometheus

v1.1.0

Query Prometheus monitoring data to check server metrics, resource usage, and system health. Use when the user asks about server status, disk space, CPU/memo...

2· 1.9k·17 current·17 all-time
by@akellacom
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (query Prometheus metrics) align with the files and code: the CLI reads a config or environment, performs Prometheus HTTP API calls, supports multi-instance queries and basic auth — all expected for this purpose.
Instruction Scope
SKILL.md directs running the provided node scripts and storing a config in the OpenClaw workspace; the code also loads optional .env files from the workspace and CWD which could populate process.env. Reading local .env files and allowing PROMETHEUS_* env fallbacks is plausible for convenience, but it means the skill will read local environment files beyond only a single dedicated config file.
Install Mechanism
No install spec; the skill is instruction + Node.js scripts. That is low-risk and consistent with a CLI-style skill.
Credentials
The skill declares no required env vars, and the code only uses PROMETHEUS_URL/USER/PASSWORD and any entries from a local prometheus.json. However, the loader will parse .env files in the workspace and CWD and set any keys not already present in process.env — this can pull unrelated secrets (if present in .env) into process.env for the process, though they are used only as fallbacks and not exfiltrated by the code.
Persistence & Privilege
always is false and the skill writes only its own config (prometheus.json) under the OpenClaw workspace or a path provided by PROMETHEUS_CONFIG. It does not modify other skills or system-wide agent settings.
Assessment
This skill appears to do exactly what it says: query Prometheus HTTP APIs for metrics. Before installing, note that the CLI will read and set environment variables from local .env files (workspace and current directory) and will write a config file (prometheus.json) into your OpenClaw workspace (or the path you provide). Don’t point it at untrusted Prometheus endpoints; review the generated prometheus.json to ensure no sensitive credentials are stored there in plaintext. If you keep secrets in a workspace .env, be aware the CLI may load them into process.env (it does not transmit them anywhere except to the Prometheus instances you configure).

Like a lobster shell, security has layers — review code before you run it.

latestvk977h6r8pt553dgjx9az1kb33582cjpq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments