ClawHub

Volcengine Observability Cls

v1.0.0

Log query and troubleshooting workflows with Volcengine CLS. Use when users need error analysis, time-range queries, aggregation dashboards, or incident diagnostics.

0· 990·1 current·1 all-time
by@cinience
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill is described as a Volcengine CLS log-query and troubleshooting helper, which normally requires API credentials or access to log data. The manifest declares no required env vars, credentials, binaries, or config paths and provides no implementation — this is inconsistent. Either the skill expects the agent to already have network-level access/credentials or expects users to paste logs, but that expectation is not stated.
Instruction Scope
SKILL.md instructs the agent to 'build' and 'execute' queries and to summarize errors and remediation. It does not tell the agent where to get credentials, how to authenticate, or whether to use pasted logs versus calling Volcengine APIs. The instructions do not request unrelated system files or hidden exfiltration, but they are vague about execution context and allowed data sources.
Install Mechanism
There is no install spec and no code files to run — the skill is instruction-only. This is low-risk from an install-execution perspective because nothing is written to disk by the skill itself.
!
Credentials
The skill declares no required environment variables or primary credential, yet its purpose almost always requires access credentials (API key/secret, service token) or access to log storage. The absence of declared credentials is a mismatch and could indicate missing documentation about how the agent will obtain necessary access.
Persistence & Privilege
The skill is not forced-always (always: false) and is user-invocable. It does not request persistent system presence or modify other skills/configuration. Autonomous invocation is permitted by default but is not combined with other strong red flags here.
Scan Findings in Context
[NO_SCAN_FINDINGS] expected: The regex scanner found nothing. This is expected because the skill is instruction-only (no code files) — absence of findings is not evidence of safety. Manual review of the SKILL.md is the primary signal.
What to consider before installing
This skill's goal (querying Volcengine CLS) normally needs API credentials or explicit instructions for how the agent will receive logs. Before installing or invoking it: 1) Ask the author how the skill authenticates — what env vars or connectors are required (e.g., VOLCENGINE_API_KEY) and whether any credentials are needed. 2) If the agent will call Volcengine APIs, require least-privilege API keys, scoped to read-only log access, rotate keys, and monitor audit logs. 3) If you will paste logs instead of giving network access, confirm that behavior so no secrets leave your environment. 4) Prefer manual invocation (don’t allow persistent/autonomous runs) until you verify authentication and network behavior. 5) Request source or homepage from the publisher so you can review implementation; avoid using skills from unknown sources that require broad access.

Like a lobster shell, security has layers — review code before you run it.

latestvk979bnnpenrgh6xs88gewkcwp180z4s8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments