← 返回 Skills 市场
Server Monitor Collector
作者
freepengyang
· GitHub ↗
· v1.0.0
· MIT-0
55
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install server-monitor-collector
功能描述
Collect server monitoring data (Zabbix / Prometheus / Alibaba / Tencent / Huawei Cloud), generate CSV/XLSX reports and send via email or Feishu.
功能分析
Type: OpenClaw Skill
Name: server-monitor-collector
Version: 1.0.0
The skill bundle contains multiple scripts with hardcoded sensitive credentials and specific infrastructure targets, likely originating from a leaked or poorly sanitized internal tool. Notable indicators include hardcoded Zabbix credentials and a specific URL (zabbix.ops.qiyujoy.com) in scripts/zabbix_cron.py and scripts/zabbix_monitor.py, as well as hardcoded Alibaba Cloud Access Keys (LTAI5t9rEAm36j2kRinX5Yut) in scripts/aliyun_monitor.py. Additionally, a hardcoded Feishu Chat ID (oc_26aa4b60c17dc842e987777295396955) is present in scripts/zabbix_cron.py, which could lead to the unauthorized transmission of server monitoring data to an external third-party endpoint if the user does not override these values in their local environment configuration.
能力标签
能力评估
Purpose & Capability
Functionality (Zabbix, Prometheus, Alibaba/Tencent/Huawei, email/Feishu) aligns with the description, but the skill metadata declares no required env vars while the scripts clearly expect many secret credentials. Additionally several scripts contain hardcoded default credentials/endpoints (e.g., ZABBIX_URL pointing to zabbix.ops.qiyujoy.com and default ZABBIX_PASSWORD), which is inconsistent with a skill that should only contact user-configured systems.
Instruction Scope
SKILL.md instructs using ~/.hermes/.env and scheduling the main cron; the bundled scripts read environment variables and will auto-detect sources. However code also reads/writes absolute paths under /root/.hermes, and several files contain hardcoded FEISHU_CHAT_ID and default cloud keys/endpoints. The runtime instructions therefore permit (and the code will perform) network calls and potential data disclosure to defaults if the user does not explicitly set their own env vars — broader scope than the metadata indicates.
Install Mechanism
There is no external download — all scripts and reference files are bundled (file installs). That lowers install risk. The scripts require common Python libraries (openpyxl, pandas, httpx, aliyun SDK optionally) which the SKILL.md documents; no opaque remote installers or URL downloads were used. Still, the package includes multiple fairly large scripts with embedded defaults that should be reviewed.
Credentials
Metadata declared no required environment variables, but the skill actually expects many secrets (ZABBIX_URL/TOKEN or user/password, ALIBABA_ACCESS_KEY_ID/SECRET, TENCENT_SECRET_ID/KEY, HUAWEI_ACCESS_KEY/SECRET, SMTP_* , FEISHU_CHAT_ID, etc.) communicated via ~/.hermes/.env or loaded via dotenv. Worse, default secret-like values and keys are present in code (e.g., Alibaba/Alibaba LTAI and SK defaults, Zabbix default password, FEISHU_CHAT_ID), which is disproportionate and risky because missing user config causes the scripts to use those defaults and reach external endpoints.
Persistence & Privilege
The skill does not request 'always: true' and can be invoked by the user, but several scripts use absolute paths under /root (e.g., /root/.hermes/cron/output/* and /root/.hermes/.env). This implies the code expects to run as root or will write to root-owned locations, which is surprising and raises privilege/persistence concerns (unexpected file writes, need to run as root, or failure with possibly inconsistent behavior). The scripts also provide a 'hermes cron create' example which would schedule recurring runs — normal for cron but combine with hardcoded defaults increases blast radius.
scan_findings_in_context
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install server-monitor-collector - 安装完成后,直接呼叫该 Skill 的名称或使用
/server-monitor-collector触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Zabbix + Alibaba/Tencent/Huawei Cloud monitoring. Auto-generates CSV/XLSX reports. Supports Feishu and email notifications. TOP50 host ranking. ClawHub and Hermes compatible.
元数据
常见问题
Server Monitor Collector 是什么?
Collect server monitoring data (Zabbix / Prometheus / Alibaba / Tencent / Huawei Cloud), generate CSV/XLSX reports and send via email or Feishu. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 55 次。
如何安装 Server Monitor Collector?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install server-monitor-collector」即可一键安装,无需额外配置。
Server Monitor Collector 是免费的吗?
是的,Server Monitor Collector 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Server Monitor Collector 支持哪些平台?
Server Monitor Collector 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Server Monitor Collector?
由 freepengyang(@freepengyang)开发并维护,当前版本 v1.0.0。
推荐 Skills