← 返回 Skills 市场
236
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install openclaw-cls-collector
功能描述
OpenClaw 可观测数据一键采集部署。当用户提到 OpenClaw 采集、CLS 采集部署、一键部署采集器时使用此 Skill。
安全使用建议
This skill aims to deploy OpenClaw to Tencent CLS and legitimately needs Tencent credentials to create resources — but it asks you to paste SecretId/SecretKey into the chat and to run a remotely-downloaded installer. Before installing or using this skill:
- Do not paste long-lived root or high-privilege keys into chat. Treat SecretId/SecretKey as sensitive secrets. Prefer running the provided curl command yourself in a terminal.
- Verify the installer URL (mirrors.tencent.com) and, if you run it, first download and inspect the file locally (cat /tmp/cls-openclaw-setup or open in an editor) before executing.
- Prefer creating a short-lived, least-privilege CAM key scoped only to the CLS resources needed, or use an isolated test account. Rotate or revoke the key after use.
- If you must provide credentials to an agent, ask whether the agent will store or transmit them; avoid sharing secrets in chat with tools that don't declare secret handling.
Given the mismatch between metadata and runtime behavior (no declared creds but instructions collect them) and the remote-execute pattern, proceed only if you can validate the installer and accept the risk, otherwise run the deployment locally yourself.
功能分析
Type: OpenClaw Skill
Name: openclaw-cls-collector
Version: 1.0.3
The skill requests sensitive Tencent Cloud credentials (SecretId and SecretKey) and executes a remote script downloaded via curl from mirrors.tencent.com. While these actions are consistent with the stated purpose of deploying observability services, the practice of handling raw cloud secrets and performing remote code execution via an AI agent is a high-risk pattern that could lead to credential exposure or unauthorized execution if the source or environment is compromised.
能力评估
Purpose & Capability
Requesting Tencent SecretId/SecretKey and a region is consistent with creating CLS resources. However, the skill metadata declares no required credentials or env vars while the runtime instructions explicitly ask the agent to collect sensitive credentials from the user — a mismatch between declared requirements and actual instructions.
Instruction Scope
The SKILL.md instructs the agent to directly prompt the user for SecretId and SecretKey in chat and then run a remote installer with those credentials. Collecting secrets via chat and transmitting them to a remote install command is broader and higher-risk than the metadata indicates. The instructions do not require the agent to inspect or validate the remote script before execution.
Install Mechanism
There is no install spec in the registry; at runtime the skill downloads an installer from https://mirrors.tencent.com/install/cls/openclaw/setup.sh and executes it. While mirrors.tencent.com appears to be an official Tencent mirror, downloading and executing a remote file is inherently risky — and the doc inconsistently calls the file a binary despite a .sh extension.
Credentials
The only sensitive items requested are Tencent SecretId/SecretKey, which are relevant to the task. However, those credentials are not declared in the skill metadata and the skill asks users to paste them into the chat, which is disproportionate compared with safer alternatives (e.g., asking the user to run the provided curl command locally or provide a short-lived, least-privilege key).
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not modify other skills or system-wide config. Autonomous invocation is allowed (platform default) but the SKILL.md requires waiting for user-provided credentials before proceeding.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-cls-collector - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-cls-collector触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
Simplify output: default to key-input flow for testing, one-liner for production, remove risk signals from description
v1.0.2
Dashboard link is now shown only after successful deployment and topic creation, not during option selection
v1.0.1
Fix: setup is a binary executable, not a shell script. Changed from pipe-to-bash to download-then-execute workflow.
v1.0.0
Initial release: one-click observability data collection for OpenClaw via Tencent Cloud CLS
元数据
常见问题
OpenClaw CLS Collector 是什么?
OpenClaw 可观测数据一键采集部署。当用户提到 OpenClaw 采集、CLS 采集部署、一键部署采集器时使用此 Skill。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 236 次。
如何安装 OpenClaw CLS Collector?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-cls-collector」即可一键安装,无需额外配置。
OpenClaw CLS Collector 是免费的吗?
是的,OpenClaw CLS Collector 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OpenClaw CLS Collector 支持哪些平台?
OpenClaw CLS Collector 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw CLS Collector?
由 trump(@trumphuang)开发并维护,当前版本 v1.0.3。
推荐 Skills