Zabbix Connector
AdvisoryAudited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone installing the skill should understand that the agent may use their Zabbix API token to access monitoring data and perform allowed Zabbix actions.
The script uses a Zabbix API token from the local environment or .env file. This is expected for the integration, but it grants access according to the token's Zabbix permissions and is not declared in the registry credential metadata.
ZABBIX_URL = os.environ.get("ZABBIX_URL")
ZABBIX_TOKEN = os.environ.get("ZABBIX_TOKEN")Use a least-privilege Zabbix API token, store it only in the local .env file or environment, and avoid giving the token permissions beyond the intended monitoring and acknowledgement tasks.
The agent could acknowledge Zabbix events if asked or if it decides the skill is relevant, which may affect incident tracking or operational workflows.
The skill includes a state-changing Zabbix API action to acknowledge events. This is disclosed in SKILL.md and fits the stated purpose, but it can alter monitoring incident state.
def event_acknowledge(self, eventids, message, action=6):
params = {"eventids": eventids, "message": message, "action": action}
return self._call("event.acknowledge", params)Only allow acknowledgements after an explicit user request, and verify the event ID, host, and acknowledgement message before running the action.
Users may need to create the .env file manually and could misconfigure credential storage if they rely on a missing template.
The instructions reference a .env.template setup file, but the provided file manifest does not include that file. This is a setup/documentation gap, not evidence of malicious behavior.
To configure the skill, copy `.env.template` to `.env` and fill in the credentials.
Create a local .env file containing only ZABBIX_URL and ZABBIX_TOKEN, keep it out of version control, and verify the configured Zabbix URL uses HTTPS.