← 返回 Skills 市场
Monitoring Dashboard Audit
作者
Vahagn Madatyan
· GitHub ↗
· v1.0.0
· MIT-0
191
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install monitoring-dashboard-audit
功能描述
Monitoring infrastructure assessment covering Grafana dashboard analysis, PromQL query validation, alert rule evaluation, SLA/SLO reporting review, and Prome...
安全使用建议
This skill appears to be a legitimate read-only monitoring audit, but there are a few practical mismatches you should address before installing or running it:
- Environment variables and least privilege: The CLI examples use GRAFANA_TOKEN, GRAFANA_URL, PROM_URL/AM_URL, yet the skill metadata declares none. Confirm with the author which env vars are required and supply a token scoped to Viewer (Grafana) and minimal Prometheus access. Never provide admin-level tokens if Viewer/Read-only is sufficient.
- Local file access: The references include promtool commands targeting /etc/prometheus/*.yml. If you run the skill from an agent that has filesystem access, it could read local Prometheus configs. Ensure you only run the skill on hosts where such access is appropriate, or run the audit manually and share only the necessary artifacts.
- Notification/contact data: The skill lists API calls that enumerate contact points and silences. These responses can include contact details and comments — treat outputs as sensitive and avoid sending them to external endpoints.
- Autonomy and testing: Because this is an instruction-only skill, prefer to run it interactively the first time (not fully autonomous) and in a safe environment (staging read-only account) to verify the exact data it will access and the required env vars. Ask the publisher to update metadata to explicitly declare required env vars and any config paths the skill will read; that makes permission decisions explicit.
If the author cannot provide clear required-env metadata or insists on needing broad credentials or system-wide file access without justification, treat the skill as higher-risk and avoid installing it in production environments.
功能分析
Type: OpenClaw Skill
Name: monitoring-dashboard-audit
Version: 1.0.0
The monitoring-dashboard-audit skill bundle is a comprehensive tool for evaluating Grafana and Prometheus infrastructure. It provides structured procedures and reference commands (SKILL.md, cli-reference.md) for performing read-only assessments of dashboards, alert rules, and data source health. The logic is entirely consistent with its stated purpose, lacks any evidence of data exfiltration or malicious intent, and correctly identifies its safety tier as read-only.
能力评估
Purpose & Capability
The skill's name, description, and instructions are coherent for a Grafana/Prometheus monitoring audit: listing dashboards, extracting PromQL, validating alerts, and computing SLOs are expected operations. However, the skill's metadata declares no required environment variables or config paths while the runtime docs clearly assume GRAFANA_TOKEN, GRAFANA_URL, PROM_URL/AM_URL and possible local access to Prometheus config — a proportionality/declared-requirement mismatch.
Instruction Scope
SKILL.md and the CLI/reference docs confine actions to read-only API calls and promtool checks (no write endpoints shown). They instruct the agent to call Grafana APIs (using Bearer tokens), Prometheus APIs, and to run promtool against local files (e.g., /etc/prometheus/*.yml). These are relevant to the audit purpose, but referencing local filesystem paths and administrative config files expects elevated filesystem access that the metadata does not declare.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That minimizes supply-chain risk because nothing is downloaded or written to disk by the skill itself.
Credentials
The references/CLI examples rely on environment variables such as GRAFANA_TOKEN, GRAFANA_URL, PROM_URL, AM_URL and on promtool being available and able to access /etc/prometheus files. Yet the skill metadata lists no required env vars or config paths. The token and URL usage is expected for the purpose, but the omission from declared requirements is a coherence gap and could be abused or lead to accidental credential exposure if the operator supplies overly broad credentials.
Persistence & Privilege
The skill does not request always:true and does not claim persistent/privileged installation. Autonomous invocation is allowed (platform default) but not combined with other high-risk flags here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install monitoring-dashboard-audit - 安装完成后,直接呼叫该 Skill 的名称或使用
/monitoring-dashboard-audit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release providing comprehensive audit of monitoring dashboards and infrastructure.
- Assesses Grafana dashboard inventory for staleness, organization, and coverage gaps.
- Analyzes PromQL queries for efficiency, label cardinality, and optimal usage of recording rules.
- Reviews alert rule coverage, threshold accuracy, evaluation intervals, and notification channel health.
- Validates SLA/SLO reporting, including error budget calculation accuracy and alignment with service documentation.
- Checks Prometheus data source health and alignment with network operations coverage requirements.
- Does not modify or create dashboards, alerts, or data sources—read-only assessment only.
元数据
常见问题
Monitoring Dashboard Audit 是什么?
Monitoring infrastructure assessment covering Grafana dashboard analysis, PromQL query validation, alert rule evaluation, SLA/SLO reporting review, and Prome... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 191 次。
如何安装 Monitoring Dashboard Audit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install monitoring-dashboard-audit」即可一键安装,无需额外配置。
Monitoring Dashboard Audit 是免费的吗?
是的,Monitoring Dashboard Audit 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Monitoring Dashboard Audit 支持哪些平台?
Monitoring Dashboard Audit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Monitoring Dashboard Audit?
由 Vahagn Madatyan(@vahagn-madatyan)开发并维护,当前版本 v1.0.0。
推荐 Skills