安全扫描
OpenClaw
安全
high confidenceThe skill is internally coherent: it wraps a PromQL CLI, asks only for the expected binaries (promql and jq), and its runtime instructions stay within the stated purpose.
评估建议
This skill appears to do what it claims: it's a wrapper around the promql CLI and uses jq for output parsing. Before installing, verify you trust the upstream Go package (github.com/nalbury/promql-cli) by inspecting its repository or release page. Ensure you have promql and jq on PATH (or allow the go install / brew steps), and do not paste Prometheus tokens or passwords into chat — follow the SKILL.md guidance to create and protect `~/.promql-cli.yaml`/`~/.promql_token` yourself (chmod 600). No...详细分析 ▾
✓ 用途与能力
The name/description match the declared requirements: promql (the CLI) and jq (output processing) are exactly what a Prometheus/PromQL CLI skill needs. No unrelated credentials, binaries, or config paths are requested.
ℹ 指令范围
SKILL.md provides clear, scoped runtime instructions (how to run queries, error handling, and explicit guidance not to create config files on behalf of users). One minor inconsistency: SKILL.md references several `references/*` files (installation, usage, debugging, etc.) but the package manifest contains only SKILL.md — those reference files are not present in the bundle. This may mean the agent will not be able to read those local reference files and should instead link to upstream docs or ask the user.
✓ 安装机制
Install spec uses `go` to build github.com/nalbury/promql-cli (source-built Go package) and `brew` to install jq. Both are standard, traceable mechanisms; no arbitrary downloads or obscure URLs are present.
✓ 凭证需求
The skill requests no environment variables or credentials. It properly warns about storing tokens in `~/.promql-cli.yaml`/`~/.promql_token` and explicitly instructs the agent not to create or transmit those config files or secrets.
✓ 持久化与权限
The skill does not request permanent presence (always: false) and does not attempt to modify other skills or global agent settings. `disable-model-invocation` is false (normal), meaning the agent could call the skill autonomously — this is expected for a usable skill and not problematic here.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.1.22026/3/24
● 无害
安装命令
点击复制官方npx clawhub@latest install promql-cli
镜像加速npx clawhub@latest install promql-cli --registry https://cn.longxiaskill.com
技能文档
promql-cli (github.com/nalbury/promql-cli) is a Go CLI for querying, analyzing, and visualizing Prometheus metrics, plus PromQL fundamentals.
Reference Files
Read the relevant reference file(s) before executing tasks:
| File | When to read |
|---|---|
references/installation.md | User needs to install promql-cli or set up configuration (hosts, auth, token, password, multi-host) |
references/usage.md | User wants to discover metrics/exporters/labels, run queries, or choose output formats |
references/graphing.md | User wants to visualize Prometheus data as an ASCII chart in the terminal |
references/debugging.md | User is investigating a performance issue, latency, errors, or saturation |
references/promql-reference.md | User needs help writing PromQL, understanding metric types, functions, or aggregations |
references/usage.md. For PromQL help, read references/promql-reference.md. When debugging, read both references/debugging.md and references/promql-reference.md.Setup Check
Before running any query, verify that a host is configured:
promql 'up' # succeeds if host is reachable; fails with connection error if not configured
# or
promql --host xxx 'up'
Recognize these errors as a configuration/auth problem and refer to references/installation.md:
| Error | Cause |
|---|---|
dial tcp ... connection refused | No host running at the configured address |
dial tcp ... no such host | Hostname not resolved — wrong host in config |
error querying prometheus: ...401... | Bearer token missing or invalid |
error querying prometheus: ...403... | Token valid but insufficient permissions |
please specify an authentication type | Auth flags partially set — use config file instead |
"Please create~/.promql-cli.yamlmanually with your Prometheus host (and credentials if needed). Seereferences/installation.mdfor the exact format. Let me know once it's ready."
Only after the user confirms the config is in place should you proceed with queries.
Quick Command Reference
promql 'up' # instant query
promql 'rate(http_requests_total[5m])' --start 1h # range query (ASCII graph)
promql 'up' --output csv # CSV output
promql 'up' --output json # JSON output
promql metrics # list all metric names
promql labels # list labels for a metric
promql meta # show metric type and help
promql --config ~/.promql-cli-prod.yaml 'up' # target a specific host
键 Principles
- 使用
rate()在...上 counters, never raw values — raw counters 仅 ever increase; absolute 值 meaningless.rate()gives per-第二个 更改 rate, 哪个 什么 您 actually care 关于. - 当...时 debugging, isolate single instance — aggregating 穿过 replicas masks per-instance anomalies. single overloaded pod hidden 后面 healthy peers won't show up 在...中 averages.
- 过滤 early 带有 label matchers 在...中 innermost selector — Prometheus evaluates selectors 之前 functions, 所以 filtering late means scanning 所有 时间 series. Early filters 归约 data scanned 和 查询 latency.
- 对于 histograms, keep
le在...中由clause 之前histogram_quantile()— 函数 needs 所有lebuckets 到 interpolate percentiles; droppingleearly producesNaN或 wrong results. - Prefer
--输出 图形对于 range queries — ASCII sparklines convey trend direction (rising, falling, spiking) 在...中 compact 格式 LLMs 解析 well; raw 时间戳 tables require mental modeling. - Store credentials 在...中
~/.promql-cli.yaml和~/.promql_token, chmod 600 — passing tokens 作为 CLI args exposes them 在...中 shell history 和 process listings.
This skill is not exhaustive. Please refer to the official promql-cli documentation and examples for up-to-date information. Context7 can help as a discoverability platform.
If you encounter a bug or unexpected behavior in promql-cli itself, open an issue at https://github.com/nalbury/promql-cli/issues.