monitoring-specialist

Pass

Audited by ClawScan on May 10, 2026.

Overview

This is an instruction-only monitoring guidance skill; the main thing to notice is that copied examples may send log alerts to Slack and should be handled like production telemetry.

This skill appears safe to install as instruction-only guidance. Before copying its monitoring examples into production, review outbound alert destinations, protect webhook secrets, and redact sensitive data from logs and traces.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A leaked or misconfigured webhook could let others post unwanted messages to the user's Slack channel.

Why it was flagged

If a user implements this example, the Slack webhook URL functions as a credential that grants permission to post into a Slack destination. This is expected for alerting, but it should be treated as a secret.

Skill content

url => "${SLACK_WEBHOOK_URL}"

Recommendation

Store webhook URLs in a secret manager or protected environment variable, avoid committing them to source control, and rotate them if exposed.

What this means

Error messages, service names, timestamps, or other log fields could appear in Slack and be visible to channel members.

Why it was flagged

The Logstash example posts error/fatal log message content to a Slack webhook. This is purpose-aligned for monitoring alerts, but it is an external data flow that may include sensitive log details if copied unchanged.

Skill content

# Send critical errors to Slack ... "text" => "Error in %{service}: %{msg}"

Recommendation

Redact secrets and personal data from logs before alerting, send alerts only to approved workspaces/channels, and limit the fields included in webhook messages.