功能描述

AI monitoring that fixes your code — query alerts, trigger remediations, rollback deploys, chat with your infrastructure

使用说明 (SKILL.md)

InariWatch — AI Monitoring That Fixes Your Code

Name: Openclaw Skill
Author: orbita-pos

You are connected to InariWatch via MCP. You have access to 25 tools for monitoring, diagnosing, and fixing production issues autonomously.

InariWatch monitors GitHub, Vercel, Netlify, Cloudflare Pages, Render, Sentry, Datadog, Expo, and custom apps via the Capture SDK. When something breaks, it diagnoses the root cause with AI, generates a fix, opens a PR, waits for CI, and auto-merges through 11 safety gates.

Available tools

Check status

"What's breaking in production?" -> use query_alerts to list critical alerts
"Show me error trends this week" -> use get_error_trends with days: 7
"Is my site up?" -> use get_uptime to check all monitors
"Show project status" -> use get_status for projects, integrations, and alert counts

Diagnose issues

"What caused this error?" -> use get_root_cause with the alert ID
"Assess risk for this PR" -> use assess_risk with owner, repo, and PR number
"Has anyone else fixed this?" -> use search_community_fixes with the error message
"Generate a post-mortem" -> use get_postmortem with the alert ID
"Get build logs" -> use get_build_logs for the latest failed deploy

Fix issues

"Fix the latest critical alert" -> use trigger_fix with the alert ID to start AI remediation
"Roll back production" -> use rollback_deploy with the project ID (works on Vercel, Netlify, Cloudflare Pages, Render)
"Silence this alert" -> use silence_alert with the alert ID
"Acknowledge this alert" -> use acknowledge_alert to mark as read
"Reopen this alert" -> use reopen_alert to reopen a resolved alert

Monitor and explore

"Add uptime monitoring for api.example.com" -> use create_uptime_monitor with the URL
"Run a health check" -> use run_health_check for all monitors
"Check if this can be reproduced" -> use reproduce_bug with the alert ID
"Simulate this fix" -> use simulate_fix with the alert ID and proposed changes
"Verify the remediation worked" -> use verify_remediation with the session ID
"Search my codebase for auth logic" -> use search_codebase with the query
"Reindex my codebase" -> use reindex_codebase with the project ID
"Ask about my infrastructure" -> use ask_inari with a natural language question

Important rules

Always confirm before destructive actions. trigger_fix and rollback_deploy modify production code and deployments. Ask the user for explicit confirmation before executing these.
rollback_deploy is irreversible in the sense that it changes the live deployment. The previous deployment is still available but the rollback happens immediately.
Rate limits apply. Query tools: 200/min. Analysis tools: 30/min. Execution tools (fix, rollback): 5/min. If you hit a limit, wait and retry.
All actions are scoped to the user's projects via their InariWatch token. You cannot access other users' data.
trigger_fix starts an async pipeline. It returns a session ID immediately. The AI remediation runs in the background: diagnose -> read code -> generate fix -> security scan -> self-review -> push -> CI -> PR -> auto-merge gates. You can check progress with verify_remediation.
Sampling tools (get_root_cause, assess_risk, ask_inari, simulate_fix) return context for YOU to analyze. Process the returned data and provide your own analysis to the user.

Setup

The user needs an InariWatch account at https://app.inariwatch.com and a token from Settings -> API Tokens.

Option 1 — Auto-detect (recommended):

npx @inariwatch/mcp init

This detects OpenClaw and configures automatically.

Option 2 — Manual CLI:

openclaw mcp set inariwatch '{"url":"https://mcp.inariwatch.com","transport":"streamable-http","headers":{"Authorization":"Bearer YOUR_TOKEN"}}'

Option 3 — Edit config directly: Add to ~/.openclaw/openclaw.json:

{
  "mcp": {
    "servers": {
      "inariwatch": {
        "url": "https://mcp.inariwatch.com",
        "transport": "streamable-http",
        "headers": {
          "Authorization": "Bearer YOUR_TOKEN"
        }
      }
    }
  }
}

安全使用建议

This skill appears coherent for its stated purpose, but take these precautions before installing: - Treat INARIWATCH_TOKEN as sensitive: only provide a token with the minimum scope needed and be prepared to revoke it if needed. - Confirm destructive actions: the skill can trigger fixes and rollbacks; only proceed when you explicitly confirm those operations. - Verify the npm helper: SKILL.md suggests `npx @inariwatch/mcp init` — npx will fetch and execute code from the npm registry. Verify the package identity (publisher, package page, version) before running and prefer to inspect the package source if you can. - Review InariWatch account integrations: the skill relies on the service to access GitHub, CI, and hosting providers. Ensure you trust the InariWatch account and that its integrations and permissions are appropriate. - If you need stronger assurance, ask the publisher for: a link to the npm package, the MCP package source, security/release info, and documentation of what minimum token scopes are required. Overall: reasonable match for its purpose, but because it can change production and downloads code via npx, proceed with deliberate review and least-privilege tokens.

功能分析

Type: OpenClaw Skill Name: inariwatch Version: 1.0.0 The inariwatch skill provides tools for automated monitoring and remediation, including high-risk capabilities such as searching codebases (`search_codebase`), triggering AI-generated code fixes (`trigger_fix`), and rolling back production deployments (`rollback_deploy`). While these actions are consistent with the stated purpose and the instructions explicitly require user confirmation for destructive actions, the broad access to production environments and source code via the `INARIWATCH_TOKEN` constitutes a significant security risk. No explicit evidence of malicious intent, data exfiltration, or obfuscation was found in SKILL.md or _meta.json, but the potential for high-impact autonomous actions warrants a cautious classification.

能力评估

✓ Purpose & Capability

The skill is an InariWatch integration that claims to monitor many platforms and perform remediations; requiring a single INARIWATCH_TOKEN is consistent because the backend service is expected to hold downstream integrations and credentials. No unrelated credentials or binaries are requested.

ℹ Instruction Scope

SKILL.md instructs the agent to query alerts, trigger fixes, rollback deploys, read and reindex codebases, and modify the user's ~/.openclaw/openclaw.json or run openclaw mcp commands. These are within the stated remediation/monitoring scope, but several actions are destructive (trigger_fix, rollback_deploy) — the doc correctly advises explicit user confirmation before performing them.

ℹ Install Mechanism

There is no registry install spec (instruction-only). The README suggests running `npx @inariwatch/mcp init` which will download and run code from the npm registry at runtime — a legitimate but higher-risk action than pure configuration. Verify the npm package name and publisher before running.

✓ Credentials

Only INARIWATCH_TOKEN is required and declared as primary; this is proportional because the InariWatch service likely brokers access to downstream platforms. No unrelated secrets or extra environment variables are requested.

✓ Persistence & Privilege

always:false and user-invocable:true (normal). The skill's setup steps modify the user's OpenClaw MCP config (~/.openclaw/openclaw.json) or call openclaw mcp set — modifying the agent's config is expected for an integration and is documented. No unusual permanent privileges or cross-skill config writes are requested.

版本历史

v1.0.0

Initial release of InariWatch skill: Autonomous AI-driven monitoring and code remediation. - Query status, error trends, and uptime across deployments and integrations. - Diagnose root causes, assess PR risk, and search for community or past fixes. - Trigger AI-powered fixes, roll back deployments, silence/acknowledge/reopen alerts, and simulate/verify remediations. - Add and manage uptime monitors, search or reindex codebases, and chat with your infrastructure. - All actions require explicit user confirmation for destructive operations, with safety and rate limits enforced. - Setup via InariWatch token with OpenClaw, CLI, or manual configuration.

元数据

Slug inariwatch

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Openclaw Skill 是什么？

AI monitoring that fixes your code — query alerts, trigger remediations, rollback deploys, chat with your infrastructure. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 72 次。

如何安装 Openclaw Skill？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install inariwatch」即可一键安装，无需额外配置。

Openclaw Skill 是免费的吗？

是的，Openclaw Skill 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Openclaw Skill 支持哪些平台？

Openclaw Skill 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Openclaw Skill？

由 Jesus Bernal（@orbita-pos）开发并维护，当前版本 v1.0.0。

Openclaw Skill