📦 grafana-inspector — 自动巡检
v1.0.0自动抓取 Grafana 仪表盘截图与 API 数据,一键批量巡检多实例,智能发现新仪表盘并生成报告,异常实时告警。
0· 171·0 当前·0 累计
by 下载技能包
最后更新
2026/4/20
安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This skill is plausibly what it claims to be, but review and fix a few things before running it in production:
- Configuration: The SKILL.md and config.example.json use keys like "dashboard_uids" and "discover_limit", but the included scripts/config.json uses different keys (e.g., "dashboard_uid"). Fix or reconcile the config file so the scripts read the intended fields.
- Credentials: Provide a Grafana API key with the minimum necessary permissions (Viewer) and store config.json securely. The ...详细分析 ▾
ℹ 用途与能力
Name/description match the code: scripts call Grafana API endpoints, discover dashboards, generate reports and screenshots. The set of files and code are consistent with a Grafana inspection tool. There are no unrelated external services or unexpected credential requests.
⚠ 指令范围
SKILL.md instructs editing config.json and running the Python scripts, which is expected. However: (1) some troubleshooting text and comments mention Feishu (飞书) integration, but no code that posts to external document/chat endpoints was found — this is likely leftover documentation but creates confusion; (2) requests calls in inspection_report.py use verify=False (TLS verification disabled), which is a security risk (man-in-the-middle) and should be intentional only for internal/trusted networks; (3) the provided scripts, example config, and included config.json are inconsistent (keys like dashboard_uids vs dashboard_uid, discover_limit present in example but missing in the included config.json), which can cause incorrect behavior or user misconfiguration; (4) the displayed api_inspect.py snippet in the listing appears truncated (syntax cut mid-token) — if the shipped file contains such truncation it would raise import/runtime errors. These issues broaden the runtime scope beyond what's documented and increase risk of mistakes.
✓ 安装机制
Instruction-only skill (no install spec). The code is shipped with the skill; no remote downloads or package installs are performed automatically. This is lower risk from an install mechanism perspective.
ℹ 凭证需求
The tool requires Grafana credentials (API key or username/password) to function — this is expected and proportionate. The skill requires no platform environment variables or unrelated credentials. Note: credentials are read from a local config file (config.json) rather than environment variables; make sure you store the API key with least-privilege (Viewer) and protect the file. Also note the mismatch between SKILL.md/example config keys and the included config.json which may lead to misconfiguration and accidentally leaving credentials in the wrong file or location.
✓ 持久化与权限
always is false and the skill does not request any special platform persistence or modify other skills. It writes report files to the working directory (screenshots/reports), which is expected behavior for a reporting tool.
⚠ scripts/config.json:2
Install source points to URL shortener or raw IP.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/17
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install grafana-inspector
镜像加速npx clawhub@latest install grafana-inspector --registry https://cn.longxiaskill.com