ClawHub

Elasticsearch Openclaw

v1.1.1

Read-only Elasticsearch 9.x reference for AI-orchestrated search and analytics. SECURITY: This skill provides documentation for read-only operations only (se...

0· 498·1 current·1 all-time
byAlex Salgado@salgado
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's name and description claim a read-only reference for Elasticsearch 9.x, which justifies needing ELASTICSEARCH_URL and a read-only API key. However, parts of the content (examples and reference files) show write/create operations (POST /_security/api_key, PUT my-index, PUT _inference, PUT _ingest/pipeline, POST my-index/_doc). Creating API keys or inference endpoints requires elevated privileges that are not consistent with a pure read-only documentation skill. Also the top-level registry metadata listed no required env vars while SKILL.md metadata declares ELASTICSEARCH_URL and ELASTICSEARCH_API_KEY — an internal inconsistency.
!
Instruction Scope
SKILL.md and the reference files explicitly include commands that mutate cluster state: creating API keys (POST /_security/api_key), index mappings (PUT my-index), creating inference endpoints (PUT _inference), ingest pipelines (PUT _ingest/pipeline), and indexing documents (POST my-index/_doc). These go beyond read-only search/aggregation examples and could lead an agent to perform privileged operations if given sufficient credentials. The docs also reference additional secrets (JINA_API_KEY) in examples that aren't declared in the skill metadata.
Install Mechanism
This is an instruction-only skill with no install spec or code to write to disk, and requires no package downloads. That minimizes installation risk.
Credentials
SKILL.md declares ELASTICSEARCH_URL and ELASTICSEARCH_API_KEY (base64) which are expected for an ES integration. However: (1) the registry summary initially showed no required env vars (metadata mismatch); (2) the Python reference and env examples mention JINA_API_KEY (an additional external API key) but it's not declared in SKILL.md metadata as required — this is inconsistent and could lead to unexpected requests for secrets; (3) creating API keys (included as an example) requires privileges beyond a typical read-only API key, so granting cluster-level credentials to follow sample steps would be disproportionate.
Persistence & Privilege
The skill does not request 'always: true' or any special persistent installation. It instructs users to store the encoded API key in ~/.openclaw/workspace-[name]/.env, which is a normal workspace pattern. Still, because the docs include API-key creation steps, giving the skill credentials that allow API-key creation or index writes would expand its effective privileges — be careful to only provide a least-privilege read-only API key if you intend only read operations. Autonomous invocation is permitted by default (disable-model-invocation: false) but that alone is not flagged; combined with the write instructions it increases the blast radius if over-privileged credentials are provided.
What to consider before installing
This skill mostly contains documentation and is low risk to install, but there are important contradictions you should understand before providing credentials. The files include examples that create API keys, indices, inference endpoints, ingest pipelines, and index documents — all of which are write operations requiring privileges beyond read-only. If you want only read/query capabilities: (1) do NOT supply cluster-admin credentials — create and supply a dedicated read-only API key scoped to the specific indices with privileges like ["read","view_index_metadata"]; (2) avoid giving keys that can create API keys or modify indices; (3) review the referenced files and remove or ignore the PUT/POST examples that perform writes; (4) note the skill's metadata inconsistencies (env vars mentioned in docs but not in registry) and prefer explicit communication from the author if you need to trust this skill for automated use. If you plan to let the agent act autonomously, require least-privilege credentials and consider disabling autonomous invocation or auditing actions until you trust behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97aetp4qekq6ch9yff3mkxpsn81we4q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
OSLinux · macOS · Windows
Any binpython3

Comments