Observability Lgtm
by Nissan Dookeran · v1.2.0
499 Downloads · 0 Stars · 1 Active Installs · 5 Versions
Install in OpenClaw
/install observability-lgtm
Description
Set up a full local LGTM observability stack (Loki + Grafana + Tempo + Prometheus + Alloy) for FastAPI apps. One Docker Compose, one Python import, unified d...
Usage Guidance
This skill largely does what it says: it gives you a local Grafana+Prometheus+Loki+Tempo stack and a small Python helper to instrument FastAPI apps. Before installing, check these operational issues:
1) The docker-compose references ./config/alloy/config.alloy but that file is not present in the package — you must supply it or remove the Alloy service to avoid startup failure.
2) The SKILL.md claims 'no outbound network calls' but docker compose up will pull container images from registries (ensure your machine can fetch Docker images).
3) The copy example uses SKILL_DIR as a placeholder; adapt it to the actual skill path when copying files.
4) Grafana is configured to allow anonymous Admin access for local dev — this is convenient but exposes an admin UI on the host network port (3000); ensure your machine firewall/networking is configured appropriately if you're on an untrusted network.
5) The register_app.sh writes targets into the local prometheus targets directory (intended behavior) — ensure file permissions allow writing and that the ./config/prometheus/targets directory exists.
If you want to proceed: add or provide the missing Alloy config, confirm Docker can pull images, and review the included docker-compose.yml and Python logging paths to ensure they match your desired workspace layout.
Capability Analysis
Type: OpenClaw Skill
Name: observability-lgtm
Version: 1.2.0
The skill bundle aims to set up a local observability stack, and its declared intent (`network: outbound: false`) is upheld by the code, with all network calls directed to localhost or host.docker.internal. However, the `assets/scripts/register_app.sh` script and the `assets/lib/observability.py` library both exhibit path traversal vulnerabilities. Specifically, the `service_name` parameter, if user-controlled and unsanitized, could allow an attacker to write Prometheus target configuration files or log directories/files to arbitrary locations on the host filesystem. While the content written is benign (Prometheus config, JSON logs), the ability to write to arbitrary paths is a significant vulnerability, classifying the skill as suspicious rather than benign.
Capability Assessment
Purpose & Capability
Name/description, required binaries (docker, docker-compose), included Docker Compose and a FastAPI Python library align with the stated goal of a local LGTM stack. However, docker-compose references an Alloy config at ./config/alloy/config.alloy which is not present in the provided file manifest — this will cause the stack to fail unless the file is added. Also the SKILL.md copy commands use a placeholder SKILL_DIR which is not defined; the user must adapt that when copying files.
Instruction Scope
Runtime instructions stay within the stated purpose (copy files into a workspace, start docker compose, install Python deps, instrument FastAPI, register apps). Minor scope issues: SKILL.md states 'no outbound network calls' while docker compose up will pull container images from registries (network outbound required). The instructions assume certain directories exist (e.g., config/prometheus/targets) and use a SKILL_DIR placeholder; these are usability mismatches rather than malicious behavior.
Install Mechanism
There is no separate install spec (instruction-only), which reduces risk. The stack relies on official container images (grafana, prom, loki, tempo, alloy) pulled by docker compose; that requires outbound network access to Docker registries. No arbitrary remote download URLs or extract operations are present in the skill bundle itself.
Credentials
The skill does not request secrets or credentials. The included Python code optionally reads OPENCLAW_LOG_DIR and OTLP_ENDPOINT (both optional and defaulted) but these are not required inputs. No unrelated credentials or config paths are requested.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges. It writes files into the user workspace (projects/observability) and the register_app.sh writes JSON to the local config/prometheus/targets directory — both are expected for this functionality. It does not modify other skill configs or request long-term platform presence.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install observability-lgtm
- After installation, invoke the skill by name or use /observability-lgtm
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
Added network disclosure (no outbound), docker in bins
v1.1.0
Updates and fixes
v1.0.2
Fix: homepage now points to public GitHub repo
v1.0.1
Initial publish: LGTM stack (Loki+Grafana+Tempo+Prometheus+Alloy) for FastAPI on Apple Silicon. One Docker Compose, one Python import, unified Grafana dashboards.
v1.0.0
Initial release: LGTM stack (Loki+Grafana+Tempo+Prometheus+Alloy) for FastAPI on Apple Silicon. One Docker Compose, one Python import.
Frequently Asked Questions
What is Observability Lgtm?
Set up a full local LGTM observability stack (Loki + Grafana + Tempo + Prometheus + Alloy) for FastAPI apps. One Docker Compose, one Python import, unified d... It is an AI Agent Skill for Claude Code / OpenClaw, with 499 downloads so far.
How do I install Observability Lgtm?
Run "/install observability-lgtm" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Observability Lgtm free?
Yes, Observability Lgtm is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Observability Lgtm support?
Observability Lgtm is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Observability Lgtm?
It is built and maintained by Nissan Dookeran (@nissan); the current version is v1.2.0.