← Back to Skills Marketplace
ops-mcp-server
by
Shaowen Chen
· GitHub ↗
· v1.0.3
546
Downloads
1
Stars
1
Active Installs
4
Versions
Install in OpenClaw
/install ops-mcp-server
Description
Query observability data and execute operational procedures via the ops-mcp-server MCP interface. Covers Kubernetes events, Prometheus metrics, Elasticsearch...
Usage Guidance
Key things to consider before installing/using this skill:
- It is instruction-only and does not ship code, but it instructs the agent (and you via examples) to use mcporter configured to call an MCP endpoint. That endpoint is where actions actually run — review and trust the MCP server before connecting.
- The documentation references and uses environment/config values (OPS_MCP_SERVER_URL, EVENT_CLUSTER) and an Authorization token in ~/.openclaw/workspace/config/mcporter.json, but the skill metadata does not declare required env vars or credentials. Treat this as a gap: expect to supply sensitive tokens to mcporter if you want the skill to operate.
- The skill contains examples that call execute-sops-from-ops (restart-node, db-migrate, scale-deployment). Those examples can modify infrastructure. If you want only read-only investigation, ensure the token you provide has read-only scope, or disable/guard SOPS execution on the MCP server.
- Before enabling: (1) verify the MCP endpoint URL and ownership; (2) limit token scope and lifetime (use a token that cannot execute destructive SOPS if possible); (3) require manual confirmation for SOPS execution or remove execute-sops privileges; (4) test in a staging environment; (5) audit mcporter logs and MCP audit trails so any SOPS call is visible and attributable.
- If you are concerned about autonomous agent behavior, consider disabling autonomous invocation of this skill for agents that should not perform actions, or ensure the agent prompts a human before any execute-sops call.
- Finally, ask the publisher to clarify the contradiction between 'not for direct infrastructure changes' and the SOPS execution examples, and to declare required environment variables and recommended token scopes in the registry metadata.
Capability Analysis
Type: OpenClaw Skill
Name: ops-mcp-server
Version: 1.0.3
The skill bundle is classified as suspicious due to a significant prompt injection vulnerability. The `SKILL.md` file explicitly states that the skill is 'NOT FOR Direct infrastructure changes' and 'all access is read-only'. However, the `examples/sops.md` file directly contradicts this by providing clear instructions and examples for executing 'Standard Operational Procedures' (SOPS) that perform infrastructure modifications, such as `restart-node`, `scale-deployment`, `db-backup`, and `db-migrate`. This contradiction creates a critical prompt injection risk, as an attacker could instruct the AI agent to ignore the safety warnings in `SKILL.md` and leverage the `execute-sops-from-ops` tool to perform unauthorized or destructive actions.
Capability Assessment
Purpose & Capability
The skill's name, description and tool names align with querying events, metrics, logs, traces and listing/executing SOPS via an MCP interface. SOPS (procedures) are a legitimate part of an ops skill, but the README/SKILL.md also states 'NOT For Direct infrastructure changes' while providing examples that execute potentially destructive SOPS (restart-node, db-migrate, scale-deployment). This is a contradictory design choice that should be clarified.
Instruction Scope
The SKILL.md instructs the agent/user to run mcporter commands (npx mcporter ...) and to add an Authorization header in ~/.openclaw/workspace/config/mcporter.json if auth fails. It also includes explicit examples for execute-sops-from-ops that perform actions (restart, scale, db migrate). Those instructions give the agent a direct path to trigger infrastructure changes via the user's configured MCP server. The docs reference local config files and environment variables (OPS_MCP_SERVER_URL, EVENT_CLUSTER) and encourage setting tokens — all of which expand the skill's I/O surface beyond read-only investigation.
Install Mechanism
This is an instruction-only skill (no install spec, no code files). That is the lowest install risk: nothing is downloaded or written by the skill package itself. The runtime behavior depends on the user's mcporter CLI and the remote MCP server the user configures.
Credentials
Registry metadata lists no required env vars or credentials, but SKILL.md and design.md reference OPS_MCP_SERVER_URL and EVENT_CLUSTER and ask the user to add an Authorization header (Bearer token) to mcporter.json. The skill therefore expects credentials/config but does not declare them. That mismatch is important: the agent instructions assume access to tokens and config files without declaring them, and those tokens grant the ability to call the MCP server (including SOPS execution).
Persistence & Privilege
The skill is not marked always:true and uses the platform default (agent may invoke it autonomously). Autonomous invocation combined with the ability to execute SOPS increases blast radius: an agent could autonomously call execute-sops-from-ops if given permission to the MCP. This is not automatically malicious but elevates risk and should be mitigated by restricting token scope and requiring confirmations/auditing for SOPS runs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ops-mcp-server - After installation, invoke the skill by name or use
/ops-mcp-server - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
- Updated all setup instructions to use npx for running mcporter, removing the requirement for global installation.
- Improved documentation in README and SKILL.md for easier first-time use.
- No changes to core features or API. Documentation and developer experience improved.
v1.0.2
- Updated mcporter server setup instructions to use config key ops-mcp-server (was ops-mcp-server-mcp)
- Updated usage and verification examples in the setup section to align with new config key
- No capability, interface, or behavioral changes to modules or commands
- Reference and example documentation files updated for clarity and consistency
v1.0.1
- Major documentation restructure for clarity and quick reference.
- All example and pattern files (logs, metrics, events, traces, sops) moved from `references/examples/` to a dedicated `examples/` directory.
- Added concise setup instructions and common troubleshooting paths.
- New decision guide for incident investigation and tool selection.
- Expanded trigger list in SKILL.md for broader coverage of observability-related terms.
- Updated tool quick-reference and query patterns for all modules.
v1.0.0
Initial release of ops-mcp-server skill.
- Enables unified access to Kubernetes events, Prometheus metrics, Elasticsearch logs, and Jaeger traces via MCP interface.
- Supports executing standardized operational procedures (SOPS).
- Provides troubleshooting tips, example commands, and best practices.
- Includes setup and authentication instructions for mcporter integration.
- Offers read-only operational observability for incident investigation and monitoring.
Metadata
Frequently Asked Questions
What is ops-mcp-server?
Query observability data and execute operational procedures via the ops-mcp-server MCP interface. Covers Kubernetes events, Prometheus metrics, Elasticsearch... It is an AI Agent Skill for Claude Code / OpenClaw, with 546 downloads so far.
How do I install ops-mcp-server?
Run "/install ops-mcp-server" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ops-mcp-server free?
Yes, ops-mcp-server is completely free (open-source). You can download, install and use it at no cost.
Which platforms does ops-mcp-server support?
ops-mcp-server is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ops-mcp-server?
It is built and maintained by Shaowen Chen (@shaowenchen); the current version is v1.0.3.
More Skills