ClawAudit verdict
grafana-lens
Grafana monitoring and visualization reference skill; no credential access or network calls shown in visible content, purely a documentation and query guide.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (11)
References sudo — requests elevated privileges
README.md · code · sudo
Possible hardcoded credential
src/config.test.ts · prose · downgraded · apiKey: "glsa_test
Instruction-prose smuggling shape detected: collects a sensitive target ("credential") and emits it outward ("include"). Phrased as prose with no trigger tokens — a semantic prompt-injection / data-exfil pattern the syntactic scanners can't see. Final tier capped at Caution; review the instructions before installing.
SKILL.md · **When**: Trigger whenever the user mentions data collection, metrics pipeline, log forwarding, trace collection, infrastructure monitoring, database monitoring
Accesses OpenClaw config/secrets directly
README.md · prose · downgraded · ~/.openclaw/openclaw.json
Uses exec() — may execute shell commands
src/alloy/pipeline-helpers.ts · prose · downgraded · exec(
Dynamic import() — loads module at runtime
src/alloy/pipeline-store.test.ts · prose · downgraded · import("
Instructs covert action — may act without user awareness
src/services/custom-metrics-store.ts · prose · downgraded · silently
References webhook/callback URL
SKILL.md · prose · downgraded · webhookUrl
Base64 encoding/decoding
README.md · prose · downgraded · base64-encode
Popular HTTP library — network access
src/alloy/config-builder.ts · prose · downgraded · got
Accesses sensitive environment variables
src/config.ts · prose · downgraded · process.env.GRAFANA_SERVICE_ACCOUNT_TOKEN
Permissions & capabilities
No declared permissions — minimal attack surface.
Is this flag fair?
Thanks — recorded.