ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PagerDuty On-Call

v1.0.0

Manage PagerDuty incidents, on-call schedules, escalation policies, and services via the PagerDuty REST API. Use when you need to: (1) List or acknowledge ac...

0· 105·0 current·0 all-time
by@fr3kstyle

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for fr3kstyle/pagerduty-oncall.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "PagerDuty On-Call" (fr3kstyle/pagerduty-oncall) from ClawHub.
Skill page: https://clawhub.ai/fr3kstyle/pagerduty-oncall
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pagerduty-oncall

ClawHub CLI

Package manager switcher

npx clawhub@latest install pagerduty-oncall
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Name, description, SKILL.md, and the included script all describe PagerDuty REST and Events API operations (list/ack/resolve/trigger/oncall/etc.), which is coherent with the stated purpose. However the registry metadata declares no required environment variables or primary credential even though both SKILL.md and scripts/pd.py require PAGERDUTY_API_KEY (and the script optionally uses PAGERDUTY_INTEGRATION_KEY and PAGERDUTY_FROM_EMAIL). The missing declaration of required credentials in metadata is an inconsistency.
Instruction Scope
SKILL.md instructs the agent to set PAGERDUTY_API_KEY and optionally PAGERDUTY_FROM_EMAIL, and to run the included CLI or call the documented PagerDuty API endpoints; the runtime instructions and examples map directly to actions in scripts/pd.py. The instructions do not request unrelated files, system-wide credentials, or external endpoints beyond PagerDuty.
Install Mechanism
There is no install spec (instruction-only behavior) and no downloads; the package includes a single Python script which runs locally. This is lower risk than remote installs. The script makes network calls to official PagerDuty endpoints (api.pagerduty.com and events.pagerduty.com), which is expected for this skill.
!
Credentials
The code requires PAGERDUTY_API_KEY and may use PAGERDUTY_INTEGRATION_KEY and PAGERDUTY_FROM_EMAIL, but the skill metadata declared no required env vars or primary credential. Required env vars with names like *_KEY / *_TOKEN are sensitive; they are appropriate for a PagerDuty integration but should be declared in metadata and documented with minimum needed scopes. The omission makes it unclear what secrets the platform should protect or prompt for.
Persistence & Privilege
The skill does not request always:true and uses default autonomy settings. It does not attempt to modify other skills or system configuration. No elevated persistence or cross-skill privileges are requested.
What to consider before installing
This skill appears to be a legitimate PagerDuty CLI (the included script talks only to PagerDuty endpoints). However, the registry metadata fails to declare the required environment variables (the SKILL.md and the script require PAGERDUTY_API_KEY and optionally PAGERDUTY_INTEGRATION_KEY and PAGERDUTY_FROM_EMAIL). Before installing, verify: (1) you are comfortable providing a PagerDuty API key to the skill and that the key has the minimum scopes needed (prefer least privilege), (2) rotate the key after testing, (3) confirm the skill source/trustworthiness since Homepage is missing and source is unknown, and (4) consider running the script in an isolated environment first. If you need higher assurance, ask the publisher to update the registry metadata to declare the primary credential (PAGERDUTY_API_KEY) and to document required scopes; that inconsistency is why this is flagged as suspicious.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cffqx08t05m8ezrptghy8c983ajjb
105downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@fr3kstyle
latest
Download

PagerDuty On-Call Skill

Manage incidents and on-call operations via the PagerDuty REST API (v2).

Setup

export PAGERDUTY_API_KEY="your-api-key-here"
# Optional: set default email for actions that require it
export PAGERDUTY_FROM_EMAIL="oncall@yourcompany.com"

Get your API key: PagerDuty → User Icon → My Profile → User Settings → API Access Keys → Create New API Key

Core Workflows

List Active Incidents

python3 ~/.openclaw/workspace/skills/pagerduty-oncall/scripts/pd.py incidents --status triggered,acknowledged

Acknowledge an Incident

python3 ~/.openclaw/workspace/skills/pagerduty-oncall/scripts/pd.py acknowledge --id P1234AB

Resolve an Incident

python3 ~/.openclaw/workspace/skills/pagerduty-oncall/scripts/pd.py resolve --id P1234AB

Trigger a New Incident

python3 ~/.openclaw/workspace/skills/pagerduty-oncall/scripts/pd.py trigger \
  --service-key "your-service-integration-key" \
  --description "Database is down" \
  --severity critical

Who is On-Call Right Now?

python3 ~/.openclaw/workspace/skills/pagerduty-oncall/scripts/pd.py oncall
# With schedule filter:
python3 ~/.openclaw/workspace/skills/pagerduty-oncall/scripts/pd.py oncall --schedule-id PABC123

Get Incident Details

python3 ~/.openclaw/workspace/skills/pagerduty-oncall/scripts/pd.py get --id P1234AB

List Services

python3 ~/.openclaw/workspace/skills/pagerduty-oncall/scripts/pd.py services

List Escalation Policies

python3 ~/.openclaw/workspace/skills/pagerduty-oncall/scripts/pd.py escalations

Add Note to Incident

python3 ~/.openclaw/workspace/skills/pagerduty-oncall/scripts/pd.py note --id P1234AB --message "Investigating DB failover"

Snooze Incident

python3 ~/.openclaw/workspace/skills/pagerduty-oncall/scripts/pd.py snooze --id P1234AB --duration 3600

Reassign Incident

python3 ~/.openclaw/workspace/skills/pagerduty-oncall/scripts/pd.py reassign --id P1234AB --user-id PU12345

Direct API Calls (Advanced)

For operations not covered by the script, use curl directly:

curl -s -H "Authorization: Token token=$PAGERDUTY_API_KEY" \
  -H "Accept: application/vnd.pagerduty+json;version=2" \
  "https://api.pagerduty.com/incidents?statuses[]=triggered&limit=25"

Key Concepts

  • Incidents: The core alert object. States: triggeredacknowledgedresolved
  • Services: Represent monitored systems/applications
  • Escalation Policies: Define who gets paged and when
  • Schedules: Define on-call rotation rotations
  • Integration Keys: Service-specific keys for triggering incidents

Common Tasks for Agents

  • Morning standup briefing: run incidents to check overnight alerts
  • On-call handoff: oncall + incidents for current state
  • Post-incident: get for timeline, then note to document RCA
  • Auto-acknowledge low-severity pages: incidents filtered by urgency, then acknowledge

API Rate Limits

  • 900 requests/minute for REST API
  • Events API (triggering): 120 events/minute per service
  • Use --limit flag to control result set size

Comments

Loading comments...