v1.1.0

Prometheus

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:31 AM.

Analysis

This appears to be a coherent Prometheus monitoring query skill, but it can use stored Prometheus credentials and persistent local configuration.

Guidance: Before installing, confirm you trust the bundled Node.js scripts, use read-only or least-privilege Prometheus credentials, protect the persisted prometheus.json file, and review any workspace or current-directory config before querying production monitoring systems.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
package.json
"engines": { "node": ">=18.0.0" }, "scripts": { "query": "node scripts/cli.js query" }

The skill relies on local Node.js scripts, while registry requirements list no required binaries and no install spec.

User impact: Users may not realize from the registry metadata alone that the skill executes bundled JavaScript locally.
Recommendation: Treat this as a local CLI integration: ensure Node.js is expected, run it from the intended skill directory, and review configuration before first use.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium. Confidence: High. Status: Note.
scripts/common.js
const user = instance?.user || process.env.PROMETHEUS_USER; ... headers['Authorization'] = `Basic ${auth}`;

The skill can use Prometheus Basic Auth credentials from config or environment variables and attach them to Prometheus API requests.

User impact: The skill can access whatever Prometheus data the configured account can read, which may include sensitive infrastructure, service, alert, and target information.
Recommendation: Use least-privilege Prometheus credentials, prefer HTTPS endpoints, and verify that configured URLs are trusted before running queries.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium. Confidence: Medium. Status: Note.
scripts/common.js
const envPaths = [ join(workspaceDir, '.env'), join(process.cwd(), '.env') ]; ... './prometheus.json', './config.json'

The skill reuses persistent workspace/current-directory environment and config files to determine Prometheus URLs and credentials.

User impact: Local configuration can steer which Prometheus servers are queried and which credentials are used, so stale or untrusted config files could affect future results.
Recommendation: Keep workspace and project Prometheus config files trusted, review them before use, and consider passing an explicit --config path for sensitive environments.