ReddRadar
Agent skill
create-config-scraper
Generate Mission Control ScrapeConfig YAML from natural language. Use when users ask to build a scraper, create a config scraper, or want YAML to scrape Kubernetes/AWS/GCP/Azure/SQL/HTTP/File/Exec/Logs/Slack/GitHub Actions/Trivy/Terraform sources.
Install this agent skill to your Project
npx add-skill https://github.com/flanksource/claude-code-plugin/tree/main/skills/create-config-scraper
SKILL.md
Config Scraper YAML Skill
Goal
Turn a user request into a valid ScrapeConfig YAML that can be applied in Mission Control.
How to Use
- Identify the scraper type(s) the user needs (kubernetes, exec, http, file, sql, logs, aws, gcp, azure, githubActions, slack, trivy, terraform).
- Ask only the minimum clarifying questions required to produce correct YAML (cluster/region, credentials source, namespace, schedule, filters, and output mapping).
- Produce a single ScrapeConfig YAML in a fenced code block. Keep it minimal and runnable.
- If the user mentions secrets, always use secret references (do not inline sensitive values).
- If a request cannot be expressed in a scraper type, explain the limitation and provide the closest working YAML (often via exec).
Inputs Checklist
- Target system and scraper type
- Credentials source (secret name + key, or connection name)
- Schedule (optional; omit if not specified)
Output Rules
- Output YAML only, in a single code block.
- Use
apiVersion: configs.flanksource.com/v1andkind: ScrapeConfig. - Set
metadata.nameto a short, unique slug.
Canonical Snippets
Kubernetes RBAC
RBAC extraction is automatic when these resources are watched — no transform needed:
apiVersion: configs.flanksource.com/v1
kind: ScrapeConfig
metadata:
name: k8s-rbac
spec:
kubernetes:
- clusterName: my-cluster
watch:
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
- apiVersion: rbac.authorization.k8s.io/v1
kind: Role
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
- apiVersion: v1
kind: ServiceAccount
Kubernetes Audit Logs (Loki)
apiVersion: configs.flanksource.com/v1
kind: ScrapeConfig
metadata:
name: k8s-audit-logs
spec:
logs:
- name: k8s-audit
type: KubernetesAudit
loki:
url: http://loki.monitoring:3100
query: '{job="kube-audit"}'
fieldMapping:
id: ["responseStatus.metadata.uid"]
message: ["responseStatus.message"]
timestamp: ["stageTimestamp", "requestReceivedTimestamp"]
severity: ["responseStatus.code"]
AWS CloudTrail
apiVersion: configs.flanksource.com/v1
kind: ScrapeConfig
metadata:
name: aws-cloudtrail
spec:
aws:
- connection: connection://aws/credentials
region:
- us-east-1
cloudtrail:
maxAge: 7d
exclude:
- AssumeRole
- DecodeAuthorizationMessage
GCP Audit Logs
apiVersion: configs.flanksource.com/v1
kind: ScrapeConfig
metadata:
name: gcp-audit
spec:
gcp:
- project: my-project
connection: connection://gcp/credentials
auditLogs:
dataset: my-project.audit_dataset.cloudaudit_googleapis_com_activity
since: 30d
serviceNames:
- compute.googleapis.com
- iam.googleapis.com
principalEmails:
- "@my-org.com"
MSSQL Permissions (full: true)
See @skills/create-config-scraper/references/access-logs.md for the complete MSSQL example showing external_users, external_roles, and config_access extraction via CEL transforms.
apiVersion: configs.flanksource.com/v1
kind: ScrapeConfig
metadata:
name: mssql-scraper
spec:
full: true
sql:
- type: MSSQL::Logon
connection: connection://mssql/credentials
id: $.id
name: $.name
transform:
expr: |
# CEL transform emitting config, external_users, external_roles, config_access
# See access-logs.md reference for the full transform expression
Reference
Scraper Schema Map (Bundled)
Use the bundled per-scraper schemas below. Only open the schema for the requested scraper type(s).
- Kubernetes:
@skills/create-config-scraper/references/schemas/config_kubernetes.schema.json - Kubernetes file:
@skills/create-config-scraper/references/schemas/config_kubernetesfile.schema.json - Exec:
@skills/create-config-scraper/references/schemas/config_exec.schema.json - HTTP:
@skills/create-config-scraper/references/schemas/config_http.schema.json - File:
@skills/create-config-scraper/references/schemas/config_file.schema.json - SQL:
@skills/create-config-scraper/references/schemas/config_sql.schema.json - Logs:
@skills/create-config-scraper/references/schemas/config_logs.schema.json - AWS:
@skills/create-config-scraper/references/schemas/config_aws.schema.json - GCP:
@skills/create-config-scraper/references/schemas/config_gcp.schema.json - Azure:
@skills/create-config-scraper/references/schemas/config_azure.schema.json - Azure DevOps:
@skills/create-config-scraper/references/schemas/config_azuredevops.schema.json - GitHub Actions:
@skills/create-config-scraper/references/schemas/config_githubactions.schema.json - Slack:
@skills/create-config-scraper/references/schemas/config_slack.schema.json - Trivy:
@skills/create-config-scraper/references/schemas/config_trivy.schema.json - Terraform:
@skills/create-config-scraper/references/schemas/config_terraform.schema.json
Additional References
- Access Logs & RBAC:
@skills/create-config-scraper/references/access-logs.md - Config DB documentation: https://flanksource.com/docs/guide/config-db/llms.txt
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
flanksource/claude-code-plugin
write-canary-transformations
Write correct transform blocks for Mission Control canary checks including fan-out, inline, and generated canary patterns. Use when adding transformations to canary checks, splitting a single check into multiple results, modifying check output, or generating child canaries from discovered resources.
flanksource/claude-code-plugin
troubleshooting-health-checks
Debugs and troubleshoots Mission Control health checks by analyzing check configurations, reviewing failure patterns, and identifying root causes. Use when users ask about failing health checks, mention specific health check names or IDs, inquire why a health check is failing or unhealthy, or need help understanding health check errors and timeouts.
flanksource/claude-code-plugin
write-canary-tests
Write correct test blocks and assertions for Mission Control canary health checks. Use when creating canaries that need pass/fail conditions, adding test expressions, or writing assertions based on HTTP status, JSON response, exec output, or Kubernetes health.
flanksource/claude-code-plugin
troubleshooting-notifications
Investigates Mission Control notifications to identify root causes and provide remediation. Use when users mention notification IDs, ask about alerts or notifications, request help understanding "why did I get this notification", want to troubleshoot a specific alert, or ask about notification patterns and history. This skill retrieves notification details, analyzes historical patterns, routes to resource-specific troubleshooting (config items or health checks), correlates findings, and delivers actionable remediation steps with prevention recommendations.
flanksource/claude-code-plugin
troubleshooting-config-item
Troubleshoots infrastructure and application configuration items in Mission Control by diagnosing health issues, analyzing recent changes, and investigating resource relationships. Use when users ask about unhealthy or failing resources, mention specific config items by name or ID, inquire about Kubernetes pods/deployments/services, AWS EC2 instances/volumes, Azure VMs, or other infrastructure components. Also use when investigating why a resource is down, stopped, degraded, or showing errors, or when analyzing what changed that caused an issue.
flanksource/claude-code-plugin
promotion-eval-create
Create a promotion evaluation template for any system by gathering requirements through structured questions and generating a reusable evaluation skill. Use when users ask to create a promotion check, release readiness evaluation, environment health template, or want to build a custom evaluation workflow for systems beyond Mission Control.
Didn't find tool you were looking for?