← Back to Skills Marketplace

Server Monitor Collector

Name: Server Monitor Collector
Author: freepengyang

by freepengyang · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install server-monitor-collector

Description

Collect server monitoring data (Zabbix / Prometheus / Alibaba / Tencent / Huawei Cloud), generate CSV/XLSX reports and send via email or Feishu.

Capability Analysis

Type: OpenClaw Skill Name: server-monitor-collector Version: 1.0.0 The skill bundle contains multiple scripts with hardcoded sensitive credentials and specific infrastructure targets, likely originating from a leaked or poorly sanitized internal tool. Notable indicators include hardcoded Zabbix credentials and a specific URL (zabbix.ops.qiyujoy.com) in scripts/zabbix_cron.py and scripts/zabbix_monitor.py, as well as hardcoded Alibaba Cloud Access Keys (LTAI5t9rEAm36j2kRinX5Yut) in scripts/aliyun_monitor.py. Additionally, a hardcoded Feishu Chat ID (oc_26aa4b60c17dc842e987777295396955) is present in scripts/zabbix_cron.py, which could lead to the unauthorized transmission of server monitoring data to an external third-party endpoint if the user does not override these values in their local environment configuration.

Capability Tags

requires-walletrequires-sensitive-credentials

Capability Assessment

⚠ Purpose & Capability

Functionality (Zabbix, Prometheus, Alibaba/Tencent/Huawei, email/Feishu) aligns with the description, but the skill metadata declares no required env vars while the scripts clearly expect many secret credentials. Additionally several scripts contain hardcoded default credentials/endpoints (e.g., ZABBIX_URL pointing to zabbix.ops.qiyujoy.com and default ZABBIX_PASSWORD), which is inconsistent with a skill that should only contact user-configured systems.

⚠ Instruction Scope

SKILL.md instructs using ~/.hermes/.env and scheduling the main cron; the bundled scripts read environment variables and will auto-detect sources. However code also reads/writes absolute paths under /root/.hermes, and several files contain hardcoded FEISHU_CHAT_ID and default cloud keys/endpoints. The runtime instructions therefore permit (and the code will perform) network calls and potential data disclosure to defaults if the user does not explicitly set their own env vars — broader scope than the metadata indicates.

ℹ Install Mechanism

There is no external download — all scripts and reference files are bundled (file installs). That lowers install risk. The scripts require common Python libraries (openpyxl, pandas, httpx, aliyun SDK optionally) which the SKILL.md documents; no opaque remote installers or URL downloads were used. Still, the package includes multiple fairly large scripts with embedded defaults that should be reviewed.

⚠ Credentials

Metadata declared no required environment variables, but the skill actually expects many secrets (ZABBIX_URL/TOKEN or user/password, ALIBABA_ACCESS_KEY_ID/SECRET, TENCENT_SECRET_ID/KEY, HUAWEI_ACCESS_KEY/SECRET, SMTP_* , FEISHU_CHAT_ID, etc.) communicated via ~/.hermes/.env or loaded via dotenv. Worse, default secret-like values and keys are present in code (e.g., Alibaba/Alibaba LTAI and SK defaults, Zabbix default password, FEISHU_CHAT_ID), which is disproportionate and risky because missing user config causes the scripts to use those defaults and reach external endpoints.

⚠ Persistence & Privilege

The skill does not request 'always: true' and can be invoked by the user, but several scripts use absolute paths under /root (e.g., /root/.hermes/cron/output/* and /root/.hermes/.env). This implies the code expects to run as root or will write to root-owned locations, which is surprising and raises privilege/persistence concerns (unexpected file writes, need to run as root, or failure with possibly inconsistent behavior). The scripts also provide a 'hermes cron create' example which would schedule recurring runs — normal for cron but combine with hardcoded defaults increases blast radius.

ℹ scan_findings_in_context

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install server-monitor-collector
After installation, invoke the skill by name or use /server-monitor-collector
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release: Zabbix + Alibaba/Tencent/Huawei Cloud monitoring. Auto-generates CSV/XLSX reports. Supports Feishu and email notifications. TOP50 host ranking. ClawHub and Hermes compatible.

Metadata

Slug server-monitor-collector

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Server Monitor Collector?

Collect server monitoring data (Zabbix / Prometheus / Alibaba / Tencent / Huawei Cloud), generate CSV/XLSX reports and send via email or Feishu. It is an AI Agent Skill for Claude Code / OpenClaw, with 55 downloads so far.

How do I install Server Monitor Collector?

Run "/install server-monitor-collector" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Server Monitor Collector free?

Yes, Server Monitor Collector is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Server Monitor Collector support?

Server Monitor Collector is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Server Monitor Collector?

It is built and maintained by freepengyang (@freepengyang); the current version is v1.0.0.

More Skills