← 返回 Skills 市场
220
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install grafana-inspector
功能描述
Grafana 自动化巡检技能。支持浏览器截图 + API 数据巡检,多仪表盘批量巡检,自动发现仪表盘。
使用说明 (SKILL.md)
\r \r
Grafana 自动化巡检技能\r
\r
快速开始\r
\r
# 1. 配置\r
cd skills/grafana-inspector/scripts\r
cp config.example.json config.json\r
# 编辑 config.json\r
\r
# 2. 执行\r
python main.py config.json\r
\r
# 或在 OpenClaw 中输入\r
执行 Grafana 巡检\r
```\r
\r
## 配置说明\r
\r
```json\r
{\r
"grafana_url": "http://localhost:3000",\r
"api_key": "",\r
"dashboard_uids": [],\r
"auto_discover": true,\r
"discover_limit": 10,\r
"inspection_mode": "hybrid",\r
"screenshot_dir": "./screenshots"\r
}\r
```\r
\r
| 参数 | 说明 | 必填 |\r
|------|------|------|\r
| `grafana_url` | Grafana 地址 | ✅ |\r
| `api_key` | API Key(API 巡检用) | ✅ |\r
| `dashboard_uids` | 仪表盘 UID 列表 | ❌ |\r
| `auto_discover` | 自动发现仪表盘 | ❌ |\r
| `discover_limit` | 最多巡检数量 | ❌ |\r
\r
## 使用方式\r
\r
### 方式 1:命令行\r
\r
```bash\r
cd skills/grafana-inspector/scripts\r
python inspect_report.py config.json\r
```\r
\r
### 方式 2:OpenClaw\r
\r
```\r
执行 Grafana 巡检\r
```\r
\r
## 输出\r
\r
- `inspection_*.json` - JSON 结果\r
- `inspection_*.md` - Markdown 报告\r
\r
## 获取 Dashboard UID\r
\r
1. 打开 Grafana 仪表盘\r
2. 查看 URL: `https://grafana/d/{UID}/{name}`\r
3. 复制 UID 部分\r
\r
## 获取 API Key\r
\r
1. Grafana → Configuration → API keys\r
2. 创建 Viewer 权限的 Key\r
3. 复制到配置\r
\r
## 文件结构\r
\r
```\r
grafana-inspector/\r
├── scripts/\r
│ ├── api_inspect.py # API 巡检\r
│ ├── main.py # 主脚本\r
│ └── config.json # 配置\r
├── screenshots/ # 截图\r
├── SKILL.md # 技能定义\r
└── README.md # 说明文档\r
```\r
\r
## 故障排查\r
\r
### API 连接失败\r
- 检查 API Key 是否正确\r
- 验证网络连接\r
- 确认 Grafana 服务正常\r
- 检查飞书授权状态\r
安全使用建议
This skill is plausibly what it claims to be, but review and fix a few things before running it in production:
- Configuration: The SKILL.md and config.example.json use keys like "dashboard_uids" and "discover_limit", but the included scripts/config.json uses different keys (e.g., "dashboard_uid"). Fix or reconcile the config file so the scripts read the intended fields.
- Credentials: Provide a Grafana API key with the minimum necessary permissions (Viewer) and store config.json securely. The tool supports username/password in config but using API keys is preferable. The skill does not request platform env vars, but the config file contains secrets — treat it accordingly.
- TLS verification: inspection_report.py disables TLS verification (requests(..., verify=False)). This makes HTTPS connections susceptible to MITM. If your Grafana endpoint has valid TLS, change verify to True; if you must disable verification for internal tooling, accept the risk and limit network exposure.
- Leftover references: The docs mention Feishu integration; no evidence in the code of outbound posting. Treat these as stale comments but confirm no hidden endpoints (you can grep for remote URLs or 'requests.post' calls before running).
- Code integrity: The provided listing shows a truncated snippet of api_inspect.py. Ensure the repository's files are complete and syntactically correct; a broken module could raise import errors. Run the scripts in a safe environment first.
- Scope and network: The tool only talks to the Grafana URL you configure. Only point it at Grafana instances you control or trust. Do not run against public/unknown Grafana endpoints with privileged keys.
If you are not comfortable fixing the issues above, ask the skill author to: provide a single consistent config example, remove verify=False or make it configurable, remove stale Feishu references or implement them clearly, and confirm the shipped code files are complete and validated.
功能分析
Type: OpenClaw Skill
Name: grafana-inspector
Version: 1.0.0
The skill bundle provides tools for automated Grafana dashboard auditing and reporting via API. It is classified as suspicious because `scripts/inspection_report.py` explicitly disables SSL certificate verification (`verify=False`) during API requests, a security vulnerability that exposes sensitive credentials (API keys/passwords) to man-in-the-middle attacks. While the code's logic is aligned with its stated purpose and no evidence of intentional malice or data exfiltration was found, the inclusion of this security flaw meets the criteria for a suspicious classification.
能力评估
Purpose & Capability
Name/description match the code: scripts call Grafana API endpoints, discover dashboards, generate reports and screenshots. The set of files and code are consistent with a Grafana inspection tool. There are no unrelated external services or unexpected credential requests.
Instruction Scope
SKILL.md instructs editing config.json and running the Python scripts, which is expected. However: (1) some troubleshooting text and comments mention Feishu (飞书) integration, but no code that posts to external document/chat endpoints was found — this is likely leftover documentation but creates confusion; (2) requests calls in inspection_report.py use verify=False (TLS verification disabled), which is a security risk (man-in-the-middle) and should be intentional only for internal/trusted networks; (3) the provided scripts, example config, and included config.json are inconsistent (keys like dashboard_uids vs dashboard_uid, discover_limit present in example but missing in the included config.json), which can cause incorrect behavior or user misconfiguration; (4) the displayed api_inspect.py snippet in the listing appears truncated (syntax cut mid-token) — if the shipped file contains such truncation it would raise import/runtime errors. These issues broaden the runtime scope beyond what's documented and increase risk of mistakes.
Install Mechanism
Instruction-only skill (no install spec). The code is shipped with the skill; no remote downloads or package installs are performed automatically. This is lower risk from an install mechanism perspective.
Credentials
The tool requires Grafana credentials (API key or username/password) to function — this is expected and proportionate. The skill requires no platform environment variables or unrelated credentials. Note: credentials are read from a local config file (config.json) rather than environment variables; make sure you store the API key with least-privilege (Viewer) and protect the file. Also note the mismatch between SKILL.md/example config keys and the included config.json which may lead to misconfiguration and accidentally leaving credentials in the wrong file or location.
Persistence & Privilege
always is false and the skill does not request any special platform persistence or modify other skills. It writes report files to the working directory (screenshots/reports), which is expected behavior for a reporting tool.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install grafana-inspector - 安装完成后,直接呼叫该 Skill 的名称或使用
/grafana-inspector触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of grafana-inspector.
- Automates Grafana dashboard inspections via browser screenshots and API data.
- Supports batch inspection and auto-discovery of multiple dashboards.
- Provides configurable inspection modes and output formats (JSON, Markdown).
- Includes command-line and OpenClaw integration for flexible usage.
- Clear setup instructions and troubleshooting included.
元数据
常见问题
grafana-inspector 是什么?
Grafana 自动化巡检技能。支持浏览器截图 + API 数据巡检,多仪表盘批量巡检,自动发现仪表盘。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 220 次。
如何安装 grafana-inspector?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install grafana-inspector」即可一键安装,无需额外配置。
grafana-inspector 是免费的吗?
是的,grafana-inspector 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
grafana-inspector 支持哪些平台?
grafana-inspector 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 grafana-inspector?
由 ken(@diluke1600)开发并维护,当前版本 v1.0.0。
推荐 Skills