← 返回 Skills 市场

Darkhunt Observability

Name: Darkhunt Observability
Author: volkodavs

作者 volkodavs · GitHub ↗ · v0.3.8-build-14 · MIT-0

cross-platform ✓ 安全检测通过

372

总下载

当前安装

版本数

在 OpenClaw 中安装

/install darkhunt-observability

功能描述

Monitor OpenClaw agent runs with real-time traces showing decisions, tool usage, performance, costs, and user attribution for full observability.

使用说明 (SKILL.md)

Darkhunt Observability

See what your OpenClaw agent actually does. No more black box.

This plugin sends real-time telemetry to Darkhunt Observability so you can see every agent run as a trace — what the agent decided, which tools it called, how long each step took, and how much it cost.

What you get

Full conversation traces so you see every step your agent takes: LLM calls, tool executions, and message flow as a connected timeline
Tool visibility — which tools were called, what arguments were passed, whether they succeeded or failed
User attribution — see which user triggered each conversation
Multi-agent support — traces stay isolated per session, even with concurrent agents
Cost tracking — know exactly how much each conversation costs, broken down by model call
Token usage — input, output, cache read, and cache creation tokens per generation
Performance timing — duration of every step, time-to-first-token for LLM responses

Setup

Setup takes 2 minutes:

Install the plugin
Run openclaw tracehub setup
Restart the gateway

The wizard walks you through connecting to Darkhunt — just paste your API key and workspace ID.

Commands

openclaw tracehub setup    # Interactive setup wizard
openclaw tracehub status   # Show current configuration and status
openclaw tracehub config   # Show raw plugin config as JSON

Privacy & Data Control

3 payload modes control what data leaves your environment:

metadata (default) — structural data only: model name, token counts, cost, duration, tool names, success/failure. No conversation content is exported.
debug — metadata + truncated content (500 chars). Useful for troubleshooting.
full — includes conversation content subject to size limits (4 KB per field, 64 KB per span). Only use if you trust the destination endpoint.

Notes

Free tier available at https://darkhunt.ai
Exports via OTLP/protobuf (works with any OpenTelemetry-compatible backend)
Never crashes your agent — all export errors are caught and logged

安全使用建议

What to check before installing: - Understand what will be sent: by default payload_mode = "metadata" (no conversation content). If you set payload_mode to "debug" or "full" the plugin will transmit truncated or full conversation content and tool arguments to the configured OTLP endpoint — only use those modes with endpoints you trust. - setup-plugin.sh will run npm install (production deps) in the plugin directory and will modify ~/.openclaw/openclaw.json (adds the plugin path and enables a plugin entry). The script backs up the file but you should inspect it before running. - Audit the repository or at least the payload filtering logic (payload.ts / span-builder) and the config handling (config.ts) to ensure sensitive fields are redacted as you expect. Verify the safe-tool allowlist if you rely on it. - If you prefer more control: install with --no-deps (scripts/package.sh supports packaging without node_modules), run npm ci yourself, and review node_modules before enabling; or point the plugin at a local OTLP collector (localhost:4318) to keep telemetry on-host. - Network & credentials: the plugin sends data to whatever traces_endpoint you configure. Use tokens/headers you are comfortable exposing to that endpoint and prefer short-lived or scoped tokens. - Because an automated scanner flagged a potential prompt-injection pattern, quickly grep SKILL.md and CLAUDE.md for lines that try to change system prompts, exfiltrate secrets, or ask the agent to ignore safety constraints; if you find anything suspicious, do not install. If you want, I can: (a) highlight the exact lines in SKILL.md/CLAUDE.md that look risky; (b) summarize where conversation content could be included in exports; or (c) produce a checklist to harden install/configuration (e.g., set payload_mode=metadata, use local OTLP collector, rotate keys).

功能分析

Type: OpenClaw Skill Name: darkhunt-observability Version: 0.3.8-build-14 The Darkhunt Observability plugin is a legitimate telemetry tool for OpenClaw that exports traces and logs via OTLP to a monitoring backend (defaulting to api.darkhunt.ai). It includes robust privacy controls in src/payload.ts, such as a 'payload_mode' setting that defaults to structural metadata only and a 'SAFE_TOOLS' allowlist that redacts parameters for unknown tools to prevent accidental secret leakage. The installation script (setup-plugin.sh) and setup wizard (src/setup.ts) are transparent, perform configuration backups, and follow standard platform integration patterns without any evidence of malicious intent or unauthorized data access.

能力标签

cryptorequires-oauth-token

能力评估

✓ Purpose & Capability

Name/description match the contained code: the repo hooks OpenClaw events, builds spans, and exports via OTLP to a configurable traces endpoint (Darkhunt or any OTLP collector). No unrelated credentials or binaries are requested. The presence of CLI, exporter, span-builder, and setup scripts is coherent with the stated observability purpose.

ℹ Instruction Scope

SKILL.md instructions are scoped to installing the plugin, running the setup wizard, and configuring endpoints/headers. The README and code confirm three payload modes (metadata/debug/full); choosing debug/full will send truncated or full conversation content to the configured endpoint — that is explicit in docs. The setup script also writes to ~/.openclaw/openclaw.json (adds load path and enables the plugin) and runs npm install when invoked; these side effects are expected for installing a plugin but are important to be aware of.

ℹ Install Mechanism

There is no registry install spec but the bundle includes build scripts and a bootstrap (setup-plugin.sh) that runs npm install --omit=dev in the plugin directory. Dependencies are standard OpenTelemetry packages pulled from npm (package-lock.json present). No remote ad-hoc downloads or URL shorteners are used; packaging script may optionally bundle node_modules. Running npm install pulls from public npm — moderate risk if you don't audit dependencies.

✓ Credentials

The plugin does not request unrelated environment variables or secrets; it expects the user to provide traces_endpoint and auth headers (Authorization, workspace/application id) via the setup wizard or openclaw.json. Those credentials are proportionate to sending telemetry to an external observability backend. The ability to export content is user-configurable (payload_mode), and metadata-only is the safe default.

ℹ Persistence & Privilege

always:false and model invocation allowed (normal). The install scripts modify the user's ~/.openclaw/openclaw.json to add the plugin path and enable a plugin entry (it creates a .bak). This is standard for installing a plugin but means the script will persistently enable the plugin and write config under your home directory — review before running.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install darkhunt-observability
安装完成后，直接呼叫该 Skill 的名称或使用 /darkhunt-observability 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.3.8-build-14

- Merge pull request #13 from darkhunt-security/chore/bump-version-0.3.8 - Bump version to 0.3.8

v0.3.7-build-12

- Merge pull request #12 from darkhunt-security/feat/dispatch-docker-rebuild - Use GitHub App token for docker-openclaw dispatch (not PAT) - Trigger docker-openclaw image rebuild after plugin publish

v0.3.7-build-9

- unify publish plugin

v0.3.7-build-4

- Merge pull request #11 from darkhunt-security/open_claw_unify - add sonar integration - unify openclaw as a main repo plugin - Merge pull request #8 from darkhunt-security/feat/suppress-noisy-spans-0.3.7 - Suppress agent and discovery spans, bump to v0.3.7 - Fix thread promotion, suppress noisy spans, bump to v0.3.5 - Merge pull request #7 from darkhunt-security/fix/version-bump-0.3.3 - Bump version to 0.3.3 - Merge pull request #6 from darkhunt-security/feat/hooks-and-resource-improvements - Add CI and ClawHub publish workflows

v1.3.1

- Removed all test files and the TypeScript configuration from the project. - Documentation updated to clarify privacy modes and data export size limits.

v1.2.4

No changes detected in this version. - Version 1.2.2 released with no updates to documentation or code. - All features and setup steps remain the same as the previous release.

v1.2.1

- Introduced real-time telemetry for OpenClaw agents with full conversation tracing. - Added visibility into LLM calls, tool executions (including arguments and outcomes), and user attribution. - Enabled multi-agent session isolation, token and cost tracking, and detailed performance metrics. - Provided configurable privacy levels for data export: metadata-only, debug, or full content. - Included OpenTelemetry-compatible exports (OTLP/protobuf) and robust error handling to prevent agent crashes.

元数据

Slug darkhunt-observability

版本 0.3.8-build-14

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 7

常见问题