Skill v1.0.0

ClawScan security

Grafana · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 10:44 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's requests, instructions, and single required environment variable (MATON_API_KEY) align with a Grafana API proxy/managed-auth integration; nothing in the SKILL.md asks for unrelated credentials or local files.
Guidance
This skill is internally consistent, but it relies on a third‑party proxy (maton.ai/gateway.maton.ai/ctrl.maton.ai). Before installing: verify Maton is a trusted provider, understand that MATON_API_KEY grants the proxy access to your Grafana API, and avoid giving an overly-privileged key (use least privilege). Review Maton's privacy/retention policy and rotate keys after use. If you prefer not to route Grafana traffic through an external gateway, consider a direct Grafana integration instead.

Review Dimensions

Purpose & Capability
ok: Name/description match the behavior: it documents calling a Maton gateway that proxies to Grafana and requires a Maton API key. The single required env var (MATON_API_KEY) is appropriate for a managed proxy service.
Instruction Scope
note: Instructions only describe HTTP calls to gateway.maton.ai and ctrl.maton.ai and how to manage connections; they do not instruct reading other env vars, local files, or unrelated system state. Note: all Grafana API traffic is routed through Maton endpoints (a third‑party proxy); this is consistent with the stated 'managed authentication' but is an important trust consideration.
Install Mechanism
ok: Instruction-only skill with no install spec and no included code files; nothing is written to disk or downloaded during install.
Credentials
ok: Only one required env var (MATON_API_KEY) is declared and used in the examples. That credential is proportionate to using a managed API gateway. The SKILL.md also describes using a Grafana service account token in a browser flow (user-supplied), which is expected.
Persistence & Privilege
ok: Skill is not always-enabled and is user-invocable; it does not request system-wide config paths or other skills' credentials. Autonomous model invocation is allowed (platform default) but not combined with other privileged requests.