monitoring-specialist
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: ah-monitoring-specialist Version: 1.0.0 The skill bundle provides standard documentation and configuration examples for a monitoring and observability specialist, covering tools like Prometheus, Grafana, ELK, and OpenTelemetry. The code examples in references/examples.md are consistent with industry best practices for metrics collection, alerting, and synthetic monitoring without any signs of malicious intent or data exfiltration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A leaked or misconfigured webhook could let others post unwanted messages to the user's Slack channel.
If a user implements this example, the Slack webhook URL functions as a credential that grants permission to post into a Slack destination. This is expected for alerting, but it should be treated as a secret.
url => "${SLACK_WEBHOOK_URL}"Store webhook URLs in a secret manager or protected environment variable, avoid committing them to source control, and rotate them if exposed.
Error messages, service names, timestamps, or other log fields could appear in Slack and be visible to channel members.
The Logstash example posts error/fatal log message content to a Slack webhook. This is purpose-aligned for monitoring alerts, but it is an external data flow that may include sensitive log details if copied unchanged.
# Send critical errors to Slack ... "text" => "Error in %{service}: %{msg}"Redact secrets and personal data from logs before alerting, send alerts only to approved workspaces/channels, and limit the fields included in webhook messages.