log-dive
v0.1.3
Unified log search across Loki, Elasticsearch, and CloudWatch. Natural language queries translated to LogQL, ES DSL, or CloudWatch filter patterns. Read-only...
by Todd Kuehnl (@tkuehnl)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
Name/description (unified log search for Loki, Elasticsearch, CloudWatch) align with the included scripts. The scripts implement search, labels/indices listing, and tailing for the declared backends and only use read/search APIs.
Instruction Scope
SKILL.md instructs the agent to exec the bundled scripts and to treat log output as sensitive and not to dump raw logs to users. The scripts emit raw log lines to stdout (for the agent to analyze), which is consistent with the stated read-only purpose, but the agent must enforce the SKILL.md rule about not dumping raw logs to end users. SKILL.md also documents required environment variables and backend checks that the scripts perform.
Install Mechanism
No install spec (instruction-only dispatching to local scripts). All code is included in the bundle and there are no remote downloads or extract operations. Dependencies are standard CLIs (jq, curl, aws, logcli) which the scripts check for at runtime.
Credentials
The registry metadata lists no required environment variables/primary credential, but SKILL.md and the scripts clearly require backend credentials/URLs (LOKI_ADDR, ELASTICSEARCH_URL, AWS_REGION and AWS credentials). This mismatch means the skill will need sensitive credentials at runtime even though the registry record doesn't declare them — a transparency and least-privilege concern. The scripts read those env vars and use them only to contact configured backends; they do not appear to send credentials to other endpoints, but the omission in metadata reduces clarity for users.
Persistence & Privilege
always:false and the scripts do not alter other skills or system-wide configuration. The scripts are explicitly read-only and avoid writing/caching logs to disk. Agent autonomous invocation is allowed (default) but not unusual; there is no evidence the skill requests persistent presence or escalated privileges.
What to consider before installing
This skill appears to implement the described read-only unified log search, but note a few important things before installing:
1) Metadata mismatch — the registry entry claims no required env vars, but the scripts require backend URLs and credentials (LOKI_ADDR, ELASTICSEARCH_URL, AWS_REGION and either AWS_PROFILE or AWS_ACCESS_KEY_ID/SECRET). Treat that as a transparency issue and verify you are comfortable providing those credentials.
2) Logs can contain secrets/PII — the agent SKILL.md instructs not to dump raw log lines, but the bundled scripts output raw log lines to stdout for the agent to analyze; ensure your agent will summarize and not forward raw logs to external LLMs or channels you don't control.
3) Run the scripts locally in an isolated environment first (with test/backfill data or local containers) to verify behavior and outputs.
4) Audit network destinations — the scripts call only the configured backend URLs and standard CLIs; make sure you don't export credentials pointing at unknown third-party endpoints.
5) If you need higher assurance, ask the publisher to update registry metadata to explicitly list required environment variables and primary credential so automated policy checks and reviewers can see the required privileges.
If you want, I can (a) highlight the exact lines/files that read each env var, (b) produce a minimal checklist to safely test the skill locally, or (c) draft a metadata snippet they should publish to correct the omission.
Like a lobster shell, security has layers — review code before you run it.
