ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sla Monitor

Set up SLA monitoring and uptime tracking for AI agents and services. Generates monitoring configs, alert rules, and incident response playbooks. Use when de...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 45 · 0 current installs · 0 all-time installs
by@afrexai-cto
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The README and SKILL.md consistently describe SLA monitoring, alert rules, and playbooks which align with the skill name. However the guidance expects integrations (Slack webhooks, PagerDuty/Opsgenie, Datadog, AWS) and suggests running Docker for a self-hosted option, yet the registry metadata lists no required env vars or required binaries. The absence of declared requirements (e.g., DOCKER, SLACK_WEBHOOK, DATADOG_API_KEY, PAGERDUTY_KEY) is an inconsistency.
Instruction Scope
SKILL.md is instruction-only and stays on-topic (monitoring templates, playbooks, config examples). It includes a docker run command for Uptime Kuma and config templates referencing ${SLACK_WEBHOOK}. The instructions do not tell the agent to read arbitrary system files or exfiltrate data, but the templates implicitly rely on secrets/credentials that are not declared, and the skill contains promotional external links (Calendly, AfrexAI pages).
Install Mechanism
There is no install spec and no code to execute from downloads — lowest install risk. The only runtime action shown is a suggested docker run command in the docs; nothing is installed by the skill itself.
!
Credentials
The SKILL.md references secrets (e.g., ${SLACK_WEBHOOK}) and lists integrations that normally require API keys/tokens (PagerDuty, Datadog, AWS) but the skill declares no required environment variables or primary credential. That mismatch is concerning: users might be prompted to paste credentials into generated configs or agent prompts without clear guidance on what the skill needs or how those secrets are used/stored.
Persistence & Privilege
always is false and there is no install or code that claims persistent system-wide presence. The skill is instruction-only and does not request elevated or permanent privileges.
Scan Findings in Context
[NO_SCAN_FINDINGS] expected: The static regex scanner found no code to analyze (instruction-only skill). This is expected, but means the assessment must rely on the SKILL.md content rather than code analysis.
What to consider before installing
This skill appears to be legitimate SLA/monitoring guidance, but it has a few mismatches you should address before using it in production: 1) It references running Docker (uptime-kuma) yet does not declare Docker as a requirement — ensure Docker is available if you follow that option. 2) The example alert templates reference secrets like ${SLACK_WEBHOOK} and mention Datadog/PagerDuty/AWS, but the skill does not declare or manage those credentials — do not paste secrets into public chat or outputs; instead store them in your secure secret manager and inject them into configs safely. 3) The skill includes external links and a booking/marketing call-to-action — treat these as vendor marketing, not required endpoints. 4) Ask the publisher (or update the skill) to explicitly list required binaries and environment variables (e.g., DOCKER, SLACK_WEBHOOK, DATADOG_API_KEY, PAGERDUTY_KEY) and to document how generated configs handle secrets. 5) Test generated configs in a staging environment and verify any webhooks or alert destinations before enabling them in production.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk972r8snnf89cp1rq67tyxwfpx83ej2m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

SLA Monitor Skill

Purpose

Help teams set up production-grade monitoring for AI agents and automated services. Covers uptime tracking, response time SLAs, error budgets, and incident escalation.

When to Use

  • Deploying AI agents to production
  • Setting up monitoring for client-facing automation
  • Creating SLA documentation for service agreements
  • Building incident response procedures

Monitoring Stack Options

Option 1: UptimeRobot (Free tier available)

  • 50 monitors free, 5-minute intervals
  • HTTP, keyword, ping, port monitors
  • Email + Slack + webhook alerts

Option 2: Better Stack (Formerly Uptime.com)

  • Status pages included
  • Incident management built-in
  • Free tier: 10 monitors

Option 3: Self-Hosted (Uptime Kuma)

docker run -d --restart=always -p 3001:3001 -v uptime-kuma:/app/data --name uptime-kuma louislam/uptime-kuma:1

SLA Tiers

Tier 1: Standard ($1,500/mo)

  • 99.5% uptime guarantee (43.8h downtime/year)
  • Response within 4 hours (business hours)
  • Monthly performance report

Tier 2: Professional ($3,000/mo)

  • 99.9% uptime guarantee (8.76h downtime/year)
  • Response within 1 hour (business hours)
  • Weekly performance reports
  • Quarterly optimization reviews

Tier 3: Enterprise ($5,000+/mo)

  • 99.95% uptime (4.38h downtime/year)
  • Response within 15 minutes (24/7)
  • Real-time dashboard access
  • Dedicated support channel

Alert Configuration Template

monitors:
  - name: "Agent Health Check"
    type: http
    url: "https://your-agent-endpoint/health"
    interval: 300  # 5 minutes
    alerts:
      - type: email
        threshold: 1  # alert after 1 failure
      - type: slack
        webhook: "${SLACK_WEBHOOK}"
        threshold: 2  # alert after 2 consecutive failures
      - type: sms
        threshold: 3  # escalate after 3 failures

  - name: "API Response Time"
    type: http
    url: "https://your-agent-endpoint/api"
    interval: 60
    expected_response_time: 2000  # ms
    alerts:
      - type: slack
        condition: "response_time > 5000"

error_budget:
  monthly_target: 99.9
  burn_rate_alert: 2.0  # Alert if burning 2x normal rate

Incident Response Playbook

Severity 1 — Total Outage

  1. Acknowledge within 5 minutes
  2. Status page update within 10 minutes
  3. Root cause identification within 30 minutes
  4. Resolution or workaround within 2 hours
  5. Post-mortem within 24 hours

Severity 2 — Degraded Performance

  1. Acknowledge within 15 minutes
  2. Investigation within 30 minutes
  3. Resolution within 4 hours
  4. Summary report within 48 hours

Severity 3 — Minor Issue

  1. Acknowledge within 1 hour
  2. Resolution within 24 hours
  3. Logged for next review cycle

Error Budget Calculator

Monthly minutes: 43,200 (30 days)
99.9% SLA = 43.2 minutes downtime allowed
99.5% SLA = 216 minutes downtime allowed
99.0% SLA = 432 minutes downtime allowed

Burn rate = (actual downtime / budget) × 100
If burn rate > 50% with 2+ weeks remaining → review needed
If burn rate > 80% → freeze deployments

Status Page Template

Provide clients with a public status page showing:

  • Current system status (operational / degraded / outage)
  • Component-level status (Agent A, Agent B, API, Dashboard)
  • Uptime percentage (30-day rolling)
  • Incident history with resolution notes
  • Scheduled maintenance windows

Next Steps

Need managed AI agents with built-in SLA monitoring? → AfrexAI handles deployment, monitoring, and maintenance for $1,500/mo → Book a call: https://calendly.com/cbeckford-afrexai/discovery-call → Learn more: https://afrexai-cto.github.io/aaas/landing.html

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…