vieiradiego

Sre Publish

Author: Diego Vieira · GitHub · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 99
Favorites: 0
Current installs: 0
Versions: 3
Install in OpenClaw
/install openclaw-aws-sre-report
Description
AWS SRE health check with FinOps — queries CloudWatch, SQS DLQ, and Cost Explorer, generates a Bedrock-powered incident diagnosis (Contexto, Soluções, CTAs),...
Safe-use recommendations
This package appears to implement the described AWS SRE + FinOps reporter, but proceed carefully. Key things to review before installing or running:
  1. Credential handling — the code uses AWS SDK calls but the skill doesn't list AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY; ensure you supply credentials safely (instance role or environment vars) and avoid embedding long-lived keys in the skill config.
  2. Data exposure — the reporter peeks at a DLQ message and will include findings in a Telegram message; if your DLQ can contain PII or secrets, disable the DLQ peek or send reports to a tightly controlled private chat only.
  3. IAM permissions — follow least-privilege: only grant cloudwatch:GetMetricStatistics, sqs:GetQueueAttributes/ReceiveMessage (for the DLQ ARN), ce:GetCostAndUsage, and bedrock:InvokeModel as needed; test in a non-production account first.
  4. Bedrock output risk — the model is instructed to include real CLI commands; models can hallucinate ARNs or unsafe steps despite guidance, so review any generated CTAs before executing them.
  5. Fix the primaryEnv/requirements mismatch in config or SKILL.md (AWS_REGION is not a secret/credential) so expectations about where credentials come from are clear.
If you cannot accept the DLQ->Telegram behavior or cannot tightly control the Telegram destination and IAM scope, do not install/run this skill.
Capability assessment
Purpose & Capability
The code, dependencies, and declared env vars align with an AWS SRE/FinOps reporter (CloudWatch, SQS, Cost Explorer, Bedrock, Telegram). One oddity: primaryEnv is set to AWS_REGION — region is not a credential. The SDK calls will still require AWS credentials (IAM role or AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY) but those credentials are not listed as required envs.
Instruction Scope
Runtime instructions and code deliberately peek at a DLQ message and include it in a Bedrock-powered incident report which is then always sent to Telegram (SKILL.md requires sending even if Bedrock/Cost Explorer fail). That behavior is coherent with the stated purpose (diagnosis + CTAs) but it creates a clear privacy/exfiltration vector: any sensitive payload in the DLQ could be transmitted to an external Telegram chat. The SKILL.md does instruct 'Never delete DLQ messages' and 'peek only', but peeking plus reporting to an external endpoint is still a data exfiltration risk that must be acknowledged.
Install Mechanism
No install spec is provided (instruction-only skill for the platform), but the package contains source and a normal package.json with standard aws-sdk dependencies. Nothing is downloaded from arbitrary URLs or obfuscated; Node >=20 and the official AWS SDK packages are used.
Credentials
Declared required env vars (TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, DLQ_URL, AUDIO_QUEUE_URL, LAMBDA_FUNCTIONS, AWS_REGION) are appropriate for the purpose. However: (1) the skill requires AWS API access (CloudWatch, SQS, Cost Explorer, Bedrock) but does not declare AWS credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_PROFILE) — it implicitly expects instance profile or out-of-band credentials; this mismatch could surprise users. (2) Posting DLQ message contents to Telegram may expose sensitive data; TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID are sensitive and must be protected.
Persistence & Privilege
The skill does not request always:true or any elevated platform persistence. It does not modify other skills or system-wide settings. Autonomous invocation is allowed by default (normal for skills) but not combined with other high-risk flags.
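How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install openclaw-aws-sre-report
  3. Once installation finishes, call the Skill by name or use /openclaw-aws-sre-report to trigger it
  4. Provide the required inputs as described in the Skill's parameter documentation to get structured output
Version history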
v1.0.2
v1.0.2: Rescan after ClawHUB fix for .ts MIME type misdetection (openclaw/clawhub#1648).
v1.0.1
v1.0.1: Remove test artifacts and package-lock from published files. Security scan: CLEAN.
v1.0.0
Initial release: Easily run AWS SRE health checks with FinOps analysis and Telegram reporting.
- Queries AWS resources (CloudWatch, SQS DLQ, Lambda, Cost Explorer)
- Uses Amazon Bedrock for automated incident diagnosis
- Generates a structured, actionable SRE report (including context, findings, CTAs)
- Delivers results directly to Telegram chat
- Gracefully handles missing or delayed AWS data; ensures safe, “read-only” checks
- Simple configuration via environment variables
Metadata
Slug openclaw-aws-sre-report
Version 1.0.2
License MIT-0
Total installs 0
Current installs 0
Versions 3
FAQ

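What is Sre Publish?

AWS SRE health check with FinOps — queries CloudWatch, SQS DLQ, and Cost Explorer, generates a Bedrock-powered incident diagnosis (Contexto, Soluções, CTAs),... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 99 total downloads to date.

How do I install Sre Publish?

Run the command "/install openclaw-aws-sre-report" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Sre Publish free?

Yes, Sre Publish is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Sre Publish support?

Sre Publish runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Sre Publish?

It is developed and maintained by Diego Vieira (@vieiradiego); the current version is v1.0.2.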
