SLS + ARMS Full-Link Troubleshooting (SLS + ARMS 全链路问题排查)
by Zhichao Lee · GitHub · v1.0.0 · MIT-0
102 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install sls-trace-analysis
Description
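Queries Alibaba Cloud SLS logs and ARMS call chains, and combines them with source code and the database for full-link troubleshooting. Full workflow: query logs → draw the call chain → locate the source code → investigate the database → propose a fix. Use when: the user says "分析sls" (analyze sls) or "分析问题" (analyze the problem), or wants to troubleshoot errors or exceptions in a business service, production API, or user request. Trigger examples: "分析sls" (analyze sls), "帮我查一下这个trace_..." (help me look into this trace_...)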
Usage Guidance
What to consider before installing:
- Credential mismatch: The skill metadata asks for ALIBABA_CLOUD_ACCESS_KEY_ID/SECRET, but the script expects many SLS_* and ARMS_* env vars (SLS_PROJECT, SLS_LOGSTORE, ARMS_REGION_ID, etc.). Confirm which exact credentials are required. Do not assume the metadata is authoritative.
- OpenClaw config access: The script will try to read ~/.openclaw/openclaw.json for env values. That file can contain other secrets (other skills' tokens, DB URLs). If you install/run this, it can access those values. Avoid putting production secrets in openclaw.json or remove/inspect those entries first.
- Inspect the code yourself: Review scripts/query_trace.py fully (network calls, any hard-coded endpoints, where it sends collected logs, whether it writes files). Run it in a controlled environment before giving it real credentials.
- Least privilege for credentials: If you must provide credentials, create dedicated AK/SK with the minimal permissions (read-only to the specific SLS project/logstores and ARMS read access) scoped to a non-production account if possible.
- Database access: The skill promises automatic DB '排查' (investigation) but declares no DB credentials. Determine how it will access databases (does it extract connection strings from openclaw.json or local files?). Do not allow it to use broad DB credentials. Prefer manual DB checks, or provide a read-only, limited-access test DB.
- Prompt-injection behavior: SKILL.md enforces exact output templates and forbids normal agent behavior; this is an attempt to constrain or coerce the agent. That is suspicious—consider disabling autonomous invocation or avoid installing if you cannot audit/modify the skill.
- Test in isolation: Before using on production traces, run the script in an isolated/VM environment with synthetic data and monitor network traffic and file system access.
If you are not prepared to audit the script and control where credentials come from, treat this skill as high-risk and do not install it in environments containing sensitive production secrets.
Capability Analysis
Type: OpenClaw Skill
Name: sls-trace-analysis
Version: 1.0.0
The skill bundle provides a powerful tool for Alibaba Cloud SLS and ARMS log analysis but includes high-risk autonomous behaviors. Specifically, SKILL.md instructs the AI agent to automatically perform file system searches (using Grep/Read tools) and code analysis based on strings extracted from external log data (Step 5). This creates a significant risk of indirect prompt injection or path traversal if malicious content is present in the logs. Additionally, the Python script (query_trace.py) programmatically accesses the user's global '~/.openclaw/openclaw.json' file to retrieve sensitive Alibaba Cloud credentials. While these features align with the stated purpose of a 'Senior SRE' tool, the combination of automated local file access and credential handling based on remote data meets the threshold for a suspicious classification.
Capability Assessment
Purpose & Capability
The name/description (SLS + ARMS trace analysis) matches the included Python script and README. However the declared required env vars in metadata (ALIBABA_CLOUD_ACCESS_KEY_ID / ALIBABA_CLOUD_ACCESS_KEY_SECRET) do not match the credentials the script actually expects (SLS_ACCESS_KEY_ID, SLS_ACCESS_KEY_SECRET, ARMS_ACCESS_KEY_ID, ARMS_ACCESS_KEY_SECRET, ARMS_REGION_ID, SLS_PROJECT, SLS_LOGSTORE). The script also uses ~/.openclaw/openclaw.json as a fallback source for envs, which expands the set of credentials/config it will read beyond what the skill metadata declares.
Instruction Scope
SKILL.md forces the agent to run a local Python script from the skill workspace and mandates exact, non-editable output templates (a strong prompt-injection pattern). It also requires automatic execution of codebase searches and database '排查' (investigation). Those steps can access arbitrary local repo files and potentially sensitive DB info. The instructions forbid other local searches while simultaneously demanding automatic code/DB searches — an internal inconsistency that increases risk.
Install Mechanism
This is instruction-only with a bundled Python script and requirements.txt (no remote downloads or post-install hooks). No install spec is provided. The risk comes from executing the included script rather than from an install mechanism.
Credentials
Metadata requests only generic Alibaba AK/SK, but the script requires multiple service-specific env vars (SLS_* and ARMS_* plus project/logstore names). More importantly, the script will read ~/.openclaw/openclaw.json to obtain env values as a fallback — meaning it can access other credentials/config stored there (cross-skill/global config). The skill promises automated DB checks but declares no DB credentials — it may attempt to discover DB connection info from openclaw.json or local files, which is disproportionate to the simple 'provide one API key' expectation.
Persistence & Privilege
The skill is not marked always:true and doesn't install persistently, which is good. However the script reads the user's OpenClaw config (~/.openclaw/openclaw.json) to obtain environment variables; that grants it access to potentially unrelated secrets belonging to other skills or the user. That cross-config access is a privilege beyond its stated scope.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install sls-trace-analysis
- After installation, invoke the skill by name or use /sls-trace-analysis
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
sls-trace-analysis v1.0.0
- Initial release.
- Enables full-link Alibaba Cloud SLS log and ARMS trace investigation, integrating source code and database troubleshooting.
- Provides strict, template-driven user interactions for collecting trace parameters, querying, and presenting results.
- Automates script execution based on user input for trace_id, wusid, or path, with flexible time range selection.
- Ensures all logstore logs are grouped, unmerged, and fully output as per guidelines.
- Implements strict error handling and user guidance for cases where no data is found.
Frequently Asked Questions
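What is SLS + ARMS Full-Link Troubleshooting?
Queries Alibaba Cloud SLS logs and ARMS call chains, and combines them with source code and the database for full-link troubleshooting. Full workflow: query logs → draw the call chain → locate the source code → investigate the database → propose a fix. Use when: the user says "分析sls" (analyze sls) or "分析问题" (analyze the problem), or wants to troubleshoot errors or exceptions in a business service, production API, or user request. Trigger examples: "分析sls" (analyze sls), "帮我查一下这个trace_..." (help me look into this trace_...) It is an AI Agent Skill for Claude Code / OpenClaw, with 102 downloads so far.
How do I install SLS + ARMS Full-Link Troubleshooting?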
Run "/install sls-trace-analysis" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is SLS + ARMS Full-Link Troubleshooting free?
Yes, SLS + ARMS Full-Link Troubleshooting is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does SLS + ARMS Full-Link Troubleshooting support?
SLS + ARMS Full-Link Troubleshooting is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created SLS + ARMS Full-Link Troubleshooting?
It is built and maintained by Zhichao Lee (@ccrazyfish); the current version is v1.0.0.