Grafana
ReviewAudited by ClawScan on May 16, 2026.
Overview
This is a disclosed Grafana integration through ClawLink, but users should notice it requires an external plugin/service and can use delegated Grafana access, including write actions after confirmation.
Before installing, confirm that you trust ClawLink and the ClawLink plugin, review the Grafana permissions you grant, and approve write actions only after checking the preview. The supplied artifact does not show hidden code, exfiltration, or destructive behavior.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You must install and trust the ClawLink plugin to use this Grafana skill.
The skill relies on installing a separate plugin even though this artifact is instruction-only. The install is disclosed and user-directed, but the plugin code is not part of the supplied artifact set.
Install the verified ClawLink plugin: `openclaw plugins install clawhub:clawlink-plugin`
Install the plugin only from the expected ClawHub source, review ClawLink's verification/source links, and keep the plugin updated.
ClawLink/OpenClaw may be able to access Grafana within the permissions you approve.
The skill uses a local device credential and a hosted ClawLink account connection to access Grafana. This is expected for the integration, but it is sensitive delegated access.
The resulting device credential is stored locally in OpenClaw's plugin config and is only sent to `claw-link.dev`.
Review the requested Grafana permissions, prefer least-privilege accounts or scopes, and revoke the ClawLink connection when you no longer need it.
If you approve a write action, the agent could modify Grafana resources such as dashboards, folders, or teams.
The skill can invoke dynamic Grafana tools, including write-capable operations. The instructions add preview and user confirmation controls, so this is disclosed and bounded rather than a concern.
For writes or anything marked as requiring confirmation, call `clawlink_preview_tool` first, then confirm with the user. Execute with `clawlink_call_tool`.
Check previews carefully before approving changes, and use Grafana accounts with only the permissions needed for the task.
Grafana-related requests and results may be processed through ClawLink rather than only locally.
Grafana tool discovery and execution are mediated through the external ClawLink gateway. This is central to the skill, but data, commands, and tool metadata may pass through that provider.
ClawLink provides tools dynamically based on what the user has connected.
Review ClawLink's privacy/security documentation and avoid using the integration for data you do not want routed through that service.