← Back to Skills Marketplace
qq280948982

Promql Validator

by qq280948982 · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
240
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install promql-validator
Description
Validate, lint, audit, or fix PromQL queries and alerting rules; detects anti-patterns.
Usage Guidance
What to check before installing/running this skill: - Review the included Python scripts yourself (validate_syntax.py, check_best_practices.py, test_validators.py). They appear to be static PromQL analyzers and the provided excerpts show no network calls or obfuscated code, but you should still inspect the full sources. - The SKILL.md expects to run commands that use python3 and git and to be executed from the repository root. The skill metadata does not declare these binaries; ensure your environment has python3 and git or ask the author to declare them. Prefer running the scripts with absolute paths to the skill folder instead of cd'ing to repo root to limit file access. - Because the instructions tell the agent to use git rev-parse --show-toplevel (and to cite lines from repository files), the skill may read arbitrary files in whatever repository the agent runs in. If you run this in a repository containing secrets, run the skill in an isolated/sandboxed environment or a copy of the repo without sensitive data. - Run the test suite locally (scripts/test_validators.py) before granting the agent autonomy. That will show what outputs the scripts produce and help you validate they behave as expected. - If you plan to allow autonomous invocation, consider restricting its scope (or require manual approval) because reading repository-wide files increases privacy risk. Ask the publisher to: (a) declare required binaries (python3, git) in metadata, and (b) change instructions to use absolute skill paths or limit file access to the skill's folder to avoid accidental exposure of unrelated repository contents.
Capability Analysis
Type: OpenClaw Skill Name: promql-validator Version: 0.1.0 The skill provides PromQL validation and linting using local Python scripts. It is classified as suspicious because the instructions in SKILL.md direct the AI agent to execute shell commands using unsanitized user input (the "<query>" parameter), which constitutes a shell injection vulnerability. While the underlying Python scripts (validate_syntax.py and check_best_practices.py) are well-documented, include a test suite (test_validators.py), and perform only safe regex-based analysis without dangerous imports or network access, the instruction pattern itself creates a high-risk surface for prompt injection attacks against the agent.
Capability Assessment
Purpose & Capability
The name/description (PromQL validation, linting, anti-pattern detection) aligns with the included Python scripts (validate_syntax.py, check_best_practices.py, tests). However the SKILL.md assumes runtime tools/paths (python3, git and a repo layout like devops-skills-plugin/skills/promql-validator/scripts/...) while the skill metadata declares no required binaries or env vars. That mismatch (scripts will be executed but runtime requirements are not declared) is an inconsistency users should be aware of.
Instruction Scope
Runtime instructions instruct the agent to cd to the repository root via git rev-parse --show-toplevel and to cite files with file path + line numbers. That requires reading files in the repository (docs/, examples, etc.) and possibly files outside the skill folder. The scripts themselves appear to be local static analyzers and (based on provided sources) do not perform network I/O or credential access, but the 'run from repo root' requirement widens the read surface and could cause the agent to access arbitrary repo files. The two-phase STOP/WAIT flow is sensible and limits automatic changes, which is good.
Install Mechanism
There is no install spec (instruction-only install), which is low risk. But code files are included and the SKILL.md instructs running them with python3. The skill metadata did not declare python3 or git as required binaries; that omission is a mismatch to the runtime commands. Because the code will be executed directly, verify the runtime interpreter (python3) and that the files are trusted.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The provided scripts operate on query strings and local file contents only, so no extra secrets appear to be required.
Persistence & Privilege
always:false and no install scripts are present. The skill does not request persistent or system-level privileges and does not modify other skills or system-wide settings. Autonomous invocation (disable-model-invocation:false) is allowed by default; this is normal but increases runtime blast radius if combined with other issues (none detected here).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install promql-validator
  3. After installation, invoke the skill by name or use /promql-validator
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release with multi-level PromQL validation, explanation, and workflow guidance: - Validates PromQL syntax and semantics, detecting common mistakes and anti-patterns. - Suggests optimizations and best practices for efficient query writing. - Explains PromQL queries in plain English, including output labels and structure. - Provides step-by-step interactive planning to align queries with user intent. - Includes citation-based recommendations referencing examples and documentation.
Metadata
Slug promql-validator
Version 0.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Promql Validator?

Validate, lint, audit, or fix PromQL queries and alerting rules; detects anti-patterns. It is an AI Agent Skill for Claude Code / OpenClaw, with 240 downloads so far.

How do I install Promql Validator?

Run "/install promql-validator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Promql Validator free?

Yes, Promql Validator is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Promql Validator support?

Promql Validator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Promql Validator?

It is built and maintained by qq280948982 (@qq280948982); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments