ClawHub

Prometheus

v1.0.0

Prometheus monitoring patterns, cardinality management, alerting best practices, and PromQL traps.

2· 818·2 current·2 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and content are aligned: the SKILL.md is purely guidance about Prometheus (cardinality, PromQL, alerting, scrape config, Pushgateway, etc.). It requests no binaries, env vars, or installs, which is proportionate for a documentation-style skill.
Instruction Scope
SKILL.md contains only static operational guidance and examples. It does not instruct the agent to read local files, access unrelated environment variables, or exfiltrate data. One actionable example shows a curl DELETE to a Pushgateway endpoint (curl -X DELETE http://pushgateway/metrics/job/myjob) — this is a potentially destructive operation if executed blindly, so users/agents should not treat examples as safe to run without review.
Install Mechanism
No install spec and no code files (instruction-only). This is low-risk: nothing will be written to disk or downloaded by the skill itself.
Credentials
The skill requires no environment variables, credentials, or config paths. There is no disproportionate credential access relative to the stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify other skills or system settings. It does not request elevated privileges.
Assessment
This skill is a documentation-style Prometheus best-practices guide and appears internally consistent. Because it is instruction-only and has no installs or credential requests, it poses low structural risk. However: 1) treat any concrete commands in the document (for example, the curl DELETE to remove Pushgateway metrics) as potentially destructive — do not execute them in production without understanding the impact; 2) verify the skill’s origin before trusting it in automated workflows — the homepage/source is unknown; and 3) if you plan to let an autonomous agent act on the guidance, restrict the agent’s ability to execute network or shell commands unless you explicitly approve each action and have a safe staging environment to test changes.

Like a lobster shell, security has layers — review code before you run it.

latestvk97atec3w3j90yjceh6g38s3rh80w5bs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments