← Back to Skills Marketplace
236
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install openclaw-cls-collector
Description
OpenClaw 可观测数据一键采集部署。当用户提到 OpenClaw 采集、CLS 采集部署、一键部署采集器时使用此 Skill。
Usage Guidance
This skill aims to deploy OpenClaw to Tencent CLS and legitimately needs Tencent credentials to create resources — but it asks you to paste SecretId/SecretKey into the chat and to run a remotely-downloaded installer. Before installing or using this skill:
- Do not paste long-lived root or high-privilege keys into chat. Treat SecretId/SecretKey as sensitive secrets. Prefer running the provided curl command yourself in a terminal.
- Verify the installer URL (mirrors.tencent.com) and, if you run it, first download and inspect the file locally (cat /tmp/cls-openclaw-setup or open in an editor) before executing.
- Prefer creating a short-lived, least-privilege CAM key scoped only to the CLS resources needed, or use an isolated test account. Rotate or revoke the key after use.
- If you must provide credentials to an agent, ask whether the agent will store or transmit them; avoid sharing secrets in chat with tools that don't declare secret handling.
Given the mismatch between metadata and runtime behavior (no declared creds but instructions collect them) and the remote-execute pattern, proceed only if you can validate the installer and accept the risk, otherwise run the deployment locally yourself.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-cls-collector
Version: 1.0.3
The skill requests sensitive Tencent Cloud credentials (SecretId and SecretKey) and executes a remote script downloaded via curl from mirrors.tencent.com. While these actions are consistent with the stated purpose of deploying observability services, the practice of handling raw cloud secrets and performing remote code execution via an AI agent is a high-risk pattern that could lead to credential exposure or unauthorized execution if the source or environment is compromised.
Capability Assessment
Purpose & Capability
Requesting Tencent SecretId/SecretKey and a region is consistent with creating CLS resources. However, the skill metadata declares no required credentials or env vars while the runtime instructions explicitly ask the agent to collect sensitive credentials from the user — a mismatch between declared requirements and actual instructions.
Instruction Scope
The SKILL.md instructs the agent to directly prompt the user for SecretId and SecretKey in chat and then run a remote installer with those credentials. Collecting secrets via chat and transmitting them to a remote install command is broader and higher-risk than the metadata indicates. The instructions do not require the agent to inspect or validate the remote script before execution.
Install Mechanism
There is no install spec in the registry; at runtime the skill downloads an installer from https://mirrors.tencent.com/install/cls/openclaw/setup.sh and executes it. While mirrors.tencent.com appears to be an official Tencent mirror, downloading and executing a remote file is inherently risky — and the doc inconsistently calls the file a binary despite a .sh extension.
Credentials
The only sensitive items requested are Tencent SecretId/SecretKey, which are relevant to the task. However, those credentials are not declared in the skill metadata and the skill asks users to paste them into the chat, which is disproportionate compared with safer alternatives (e.g., asking the user to run the provided curl command locally or provide a short-lived, least-privilege key).
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not modify other skills or system-wide config. Autonomous invocation is allowed (platform default) but the SKILL.md requires waiting for user-provided credentials before proceeding.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-cls-collector - After installation, invoke the skill by name or use
/openclaw-cls-collector - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
Simplify output: default to key-input flow for testing, one-liner for production, remove risk signals from description
v1.0.2
Dashboard link is now shown only after successful deployment and topic creation, not during option selection
v1.0.1
Fix: setup is a binary executable, not a shell script. Changed from pipe-to-bash to download-then-execute workflow.
v1.0.0
Initial release: one-click observability data collection for OpenClaw via Tencent Cloud CLS
Metadata
Frequently Asked Questions
What is OpenClaw CLS Collector?
OpenClaw 可观测数据一键采集部署。当用户提到 OpenClaw 采集、CLS 采集部署、一键部署采集器时使用此 Skill。 It is an AI Agent Skill for Claude Code / OpenClaw, with 236 downloads so far.
How do I install OpenClaw CLS Collector?
Run "/install openclaw-cls-collector" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenClaw CLS Collector free?
Yes, OpenClaw CLS Collector is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does OpenClaw CLS Collector support?
OpenClaw CLS Collector is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenClaw CLS Collector?
It is built and maintained by trump (@trumphuang); the current version is v1.0.3.
More Skills