PagerDuty Agent
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: pagerduty-agent Version: 1.0.0 The pagerduty-agent skill is a standard integration for managing PagerDuty incidents and schedules. The implementation in pagerduty.js uses native Node.js HTTPS modules with no external dependencies and follows the stated purpose without any signs of malicious intent, data exfiltration, or obfuscation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If PAGERDUTY_BASE_URL is set accidentally or maliciously, the PagerDuty API key could be sent to a non-PagerDuty server or over an unencrypted connection.
The PagerDuty API key is attached to every request, while the destination host is controlled by PAGERDUTY_BASE_URL and may use HTTP rather than HTTPS.
const BASE_URL = process.env.PAGERDUTY_BASE_URL || "https://api.pagerduty.com"; ... "Authorization": `Token token=${API_KEY}` ... const transport = url.protocol === "https:" ? https : http;Do not set PAGERDUTY_BASE_URL unless you fully trust it. The skill should restrict this to HTTPS and expected PagerDuty hosts, or clearly document and validate any custom endpoint.
An agent using this skill can make live operational changes, such as creating incidents or marking them resolved.
The skill explicitly supports PagerDuty write operations that can create or change incident state.
Trigger, acknowledge, and resolve PagerDuty incidents ... export PAGERDUTY_FROM_EMAIL="you@yourcompany.com" # required for write operations
Use explicit user confirmation for write operations and prefer the least-privileged PagerDuty API key that supports the tasks you need.