Observability
by yuyonghao-123 · GitHub · v0.1.1 · MIT-0
154 Downloads · 0 Stars · 0 Active Installs · 2 Versions
Install in OpenClaw
/install yuyonghao-observability
Description
Provides a complete AI agent observability solution with structured logs, metrics, distributed tracing, alert management, and a real-time monitoring dashboard.
Usage Guidance
This package appears to implement an observability system and mostly aligns with its description, but review these points before installing:
- Source & provenance: the skill has no homepage or repository link. Prefer packages with a known source or inspect the full repository before trusting it in production.
- Version/manifest inconsistencies: SKILL.md claims v0.2.0 while package.json is v0.1.1 and package-lock.json v0.1.0; the registry also listed it as "instruction-only" despite code files. These mismatches suggest the package or metadata may be stale or poorly maintained.
- Missing/trimmed code or API mismatches: index.js references methods (e.g., createDefaultRules, getStats, getHistory) that were not visible in the provided AlertManager snippet — the repo may be incomplete or truncated in the scanned snapshot. Run the test suite locally and review all source files before use.
- Webhook/notifications: AlertManager can POST alert payloads to configured webhook URLs. Only configure webhooks that you trust. Avoid sending logs or tokens to external endpoints you do not control. Treat webhooks as possible exfiltration channels.
- Run in isolation first: run npm install and npm test in a sandbox (container or VM). Start the dashboard on a non-production machine and inspect logs and network activity to confirm behaviour.
- Inspect logs and default config: default log directory (./logs) may contain sensitive data — rotate and restrict permissions. If you enable auto-reporting or external reporting later, double-check destinations.
Capability Analysis
Type: OpenClaw Skill
Name: yuyonghao-observability
Version: 0.1.1
The skill bundle implements a comprehensive observability system, but it contains a significant security vulnerability in `src/dashboard.js`. The dashboard starts an unauthenticated HTTP server (defaulting to port 3001) that exposes sensitive system information, including full application logs via the `/api/logs` endpoint and detailed LLM/MCP execution metadata via `/api/status`. While these features align with the stated purpose of the tool, the lack of any access control or authentication mechanism creates a high risk of information disclosure and data exfiltration if the agent is running in a non-isolated network environment.
Capability Assessment
Purpose & Capability
Name/description match the included code: logger, metrics, tracer, alert manager, dashboard, and monitors are present. The skill requires Node >=18 per SKILL.md/package.json (reasonable). There are no unrelated required env vars or binaries. However the registry metadata said "instruction-only" while the package contains many code files and a package.json—an inconsistency in the manifest.
Instruction Scope
SKILL.md instructs npm install, run tests, and start a local dashboard (node src/dashboard.js). The code implements dashboard and webhook notification handlers that will send alert payloads to configured webhook URLs. That behaviour is expected for an alert manager but it is a potential exfiltration vector if a webhook is pointed to an untrusted external endpoint. The instructions do not ask to read unrelated system credentials, but the implementation writes/reads logs (./logs by default) and exposes API endpoints on localhost which could surface sensitive log/metric data if misconfigured.
Install Mechanism
No formal install spec was provided by the registry (install-only via SKILL.md). The package uses npm (package.json + package-lock.json) and depends primarily on 'winston' and typical npm libs — an expected, moderate-risk install mechanism. There are no downloads from arbitrary URLs or extract operations in the manifest.
Credentials
The skill declares no required environment variables or primary credentials and the code does not require cloud credentials for normal operation. That is proportionate to an observability tool. Note: if you configure webhook notification channels you will supply external URLs; those endpoints could receive alert and (depending on configuration) log/metric content.
Persistence & Privilege
The skill does not request 'always: true' or elevated privileges. It can run a local HTTP dashboard (default port 3001) and writes logs to disk (./logs). Those are normal for a monitoring tool but mean it will create files and listen locally while running. Autonomous invocation is allowed (platform default), which increases blast radius only if combined with other red flags.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install yuyonghao-observability
- After installation, invoke the skill by name or use /yuyonghao-observability
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
- Updated package.json only.
- No features, fixes, or documentation changes in codebase.
- Internal metadata or dependency update; no impact on user-facing functionality.
v0.1.0
- Complete observability system with logging, metrics, tracing, alerts and dashboard
Frequently Asked Questions
What is Observability?
Provides a complete AI agent observability solution with structured logs, metrics, distributed tracing, alert management, and a real-time monitoring dashboard. It is an AI Agent Skill for Claude Code / OpenClaw, with 154 downloads so far.
How do I install Observability?
Run "/install yuyonghao-observability" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Observability free?
Yes, Observability is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Observability support?
Observability is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Observability?
It is built and maintained by yuyonghao-123 (@yuyonghao-123); the current version is v0.1.1.