
Li Sentry Check

by Terry S Fisher · GitHub ↗ · v0.4.0 · MIT-0
cross-platform ⚠ suspicious
56 Downloads · 0 Stars · 0 Active Installs · 4 Versions
Install in OpenClaw
/install li-sentry-check
Description
Multi-platform server inspection and health check skill. SSH into remote Linux servers using key-based authentication, run read-only inspection commands (CPU...
README (SKILL.md)

li_sentry_check

Multi-platform server inspection and health check via SSH.

Security Declaration

This skill is strictly read-only and does NOT:

  • ❌ Modify any server configuration
  • ❌ Install or remove software
  • ❌ Restart or stop services
  • ❌ Write to any file on the remote server
  • ❌ Exfiltrate data to external services
  • ❌ Access local files other than: references/targets.yaml, references/checks.yaml, and the SSH private key specified in keyPath
  • ❌ Make any network connections other than SSH to the target server specified in targets.yaml
  • ❌ Execute arbitrary commands — only commands from references/checks.yaml are allowed

This skill ONLY:

  • ✅ Reads system information via predefined read-only commands
  • ✅ Generates a local Markdown/JSON report
  • ✅ Connects to ONE remote server via SSH using the key specified in targets.yaml

Overview

Read-only inspection of remote Linux hosts over SSH using a dedicated key. Collects system metrics, service status, security events, and generates a structured Markdown report with anomaly highlighting.

Platform Support

| Platform | Script | Runtime |
|----------|--------|---------|
| OpenClaw | scripts/inspect.mjs | Node.js 24+ |
| NanoBot | scripts/inspect.py | Python 3.10+ |
| Hermes | scripts/inspect.py | Python 3.10+ |

Safety (Default Deny)

  • Only run commands defined in references/checks.yaml
  • No state-changing commands (no installs, no config edits, no restarts)
  • Only SSH key authentication (no passwords)
  • BatchMode=yes — non-interactive SSH only

Config

  • Targets: references/targets.yaml
  • Allowed checks: references/checks.yaml

How To Run

NanoBot / Hermes (Python)

python3 scripts/inspect.py --target bogon --checks daily

OpenClaw (Node.js)

node scripts/inspect.mjs --target bogon --checks daily

Options

| Option | Description | Default |
|--------|-------------|---------|
| --target | Target name from targets.yaml | (required) |
| --checks | Check group: basic, services, daily | basic |
| --format | Output format: markdown, json | markdown |
| --output | Write report to file instead of stdout | stdout |

Check Groups

| Group | Description |
|-------|-------------|
| basic | Hardware resources: CPU, memory, disk, network |
| services | Service status and error logs (from targets.yaml) |
| daily | Full inspection: basic + services + security + logs |

Extending

  1. Add target: Edit references/targets.yaml
  2. Add checks: Edit references/checks.yaml
  3. Add check group: Define new group in checks.yaml

SSH Key Setup

# Generate key pair
ssh-keygen -t rsa -b 4096 -f ~/.ssh/li_sentry_check -N ""

# Copy to remote server
ssh-copy-id -i ~/.ssh/li_sentry_check.pub inspector@<SERVER_IP>

# Test connection
ssh -i ~/.ssh/li_sentry_check inspector@<SERVER_IP>

Security Best Practices

  • Key permissions: chmod 600 ~/.ssh/li_sentry_check
  • Host verification: For production, pre-populate known_hosts instead of accept-new
  • Service names: Only alphanumeric, hyphens, underscores allowed (validated before use)
  • Command allowlist: Never modify checks.yaml with state-changing commands
  • Report handling: Reports may contain system data — do not share publicly
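
An added example (not the skill's own code from scripts/inspect.py) of how the command allowlist, the service-name rule and the non-interactive SSH options listed above can be enforced together. The checks.yaml layout, the `{service}` placeholder and the function names are assumptions; the dict is a constructed stand-in for the YAML file.

```python
import re

# Constructed stand-in for references/checks.yaml (this schema is an assumption).
CHECKS = {
    "groups": {"basic": ["cpu", "disk"], "services": ["service_status"]},
    "commands": {
        "cpu": "nproc",
        "disk": "df -hP",
        "service_status": "systemctl is-active {service}",
    },
}

SERVICE_RE = re.compile(r"[A-Za-z0-9_-]+")  # alphanumeric, hyphen, underscore only
# user@host must not start with "-" or ssh would parse it as an option.
DEST_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_-]*@[A-Za-z0-9][A-Za-z0-9.-]*")


def resolve_commands(group, services=()):
    """Return the remote command strings for a check group; anything else is denied."""
    if group not in CHECKS["groups"]:
        raise ValueError(f"unknown check group: {group!r}")
    resolved = []
    for check_id in CHECKS["groups"][group]:
        template = CHECKS["commands"][check_id]
        if "{service}" not in template:
            resolved.append(template)
            continue
        for name in services:
            # The remote login shell parses the command, so validate before formatting.
            if not SERVICE_RE.fullmatch(name):
                raise ValueError(f"rejected service name: {name!r}")
            resolved.append(template.format(service=name))
    return resolved


def ssh_argv(user, host, key_path, remote_command):
    """Build an argv list for subprocess.run(argv); no local shell is involved."""
    if not DEST_RE.fullmatch(f"{user}@{host}"):
        raise ValueError("rejected SSH destination")
    return [
        "ssh", "-i", key_path,
        "-o", "BatchMode=yes",              # non-interactive only
        "-o", "IdentitiesOnly=yes",         # offer only the dedicated key
        "-o", "PasswordAuthentication=no",
        "-o", "StrictHostKeyChecking=yes",  # needs a pre-populated known_hosts
        f"{user}@{host}", remote_command,
    ]
```
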

Report Output

Reports are generated in Markdown format with:

  • Summary section: Overall health status, anomaly count
  • Anomaly section: ⚠️ Highlighted issues requiring attention
  • Normal section: Collapsible normal check results
  • Details: Full command output for each check

Architecture

li_sentry_check/
├── SKILL.md                  # This file
├── _meta.json                # Skill metadata
├── references/
│   ├── targets.yaml          # Target server configuration
│   └── checks.yaml           # Command allowlist
└── scripts/
    ├── inspect.mjs           # Node.js implementation (OpenClaw)
    └── inspect.py            # Python implementation (NanoBot/Hermes)
Usage Guidance
The skill's documentation describes a reasonable read-only SSH inspection tool, but you should NOT install or run it without first auditing the implementation in scripts/inspect.py and scripts/inspect.mjs. Specifically:

  1. Confirm the scripts strictly enforce the checks.yaml command allowlist and validate service/command inputs (no shell interpolation or shell=True usage).
  2. Search the scripts for outgoing network activity (HTTP requests, sockets, DNS lookups) and any hard-coded remote endpoints — the SKILL.md forbids exfiltration but only code review can verify it.
  3. Verify the code only reads the SSH private key for making an SSH connection and does not transmit the key or other sensitive files.
  4. Check subprocess usage for shell=True, unsanitized command building, or use of user-provided values directly in commands.
  5. Run the scripts in an isolated environment (container or VM) against a test server first, and confirm observed network traffic matches only the expected SSH session.
  6. Ensure targets.yaml and checks.yaml contain only the hosts/commands you expect, and enforce strict filesystem permissions on your private key (chmod 600).

If you cannot or will not review the script sources, treat this package as untrusted.
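
A static pass covering checks 1, 2 and 4 above for the Python script, as an added example that is not part of this listing or of the skill. The module list, function names and sample source are assumptions constructed here; scripts/inspect.mjs needs a separate review.

```python
import ast

NETWORK_MODULES = {"socket", "http", "urllib", "requests", "ftplib", "smtplib", "httpx", "aiohttp"}
SHELL_CALLS = {"os.system", "os.popen", "subprocess.getoutput", "subprocess.getstatusoutput"}


def dotted(node):
    """Render a Name/Attribute chain such as subprocess.run as a dotted string."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))


def audit_source(source, filename="<source>"):
    """Return sorted (line, finding) tuples for the patterns the review asks about."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        mods = []
        if isinstance(node, ast.Import):
            mods = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            mods = [node.module or ""]
        for mod in mods:
            if mod.split(".")[0] in NETWORK_MODULES:
                findings.append((node.lineno, f"network import: {mod}"))
        if isinstance(node, ast.Call):
            name = dotted(node.func)
            if name in SHELL_CALLS:
                findings.append((node.lineno, f"shell call: {name}"))
            for kw in node.keywords:
                # Anything other than a literal shell=False is treated as shell use.
                literal_false = isinstance(kw.value, ast.Constant) and kw.value.value is False
                if kw.arg == "shell" and not literal_false:
                    findings.append((node.lineno, f"shell enabled: {name}"))
    return sorted(findings)


# Constructed sample source, not the skill's real inspect.py.
SAMPLE = '''import subprocess
import urllib.request
def run(cmd):
    return subprocess.run(cmd, shell=True, capture_output=True)
def ok(argv):
    return subprocess.run(argv, capture_output=True)
'''
```

An empty result does not clear the script: dynamic imports and indirect calls escape this kind of scan, so the isolated run in step 5 is still needed to confirm the observed traffic.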
Capability Analysis
Type: OpenClaw Skill
Name: li-sentry-check
Version: 0.4.0

The li-sentry-check skill is a legitimate server inspection tool designed to perform health checks on remote Linux hosts via SSH. It implements several security best practices, including a strict command allowlist in `references/checks.yaml`, input validation for service names to prevent shell injection in both `scripts/inspect.mjs` and `scripts/inspect.py`, and explicit read-only constraints. The code is transparent, well-documented, and lacks any indicators of data exfiltration, persistence, or malicious intent.
Capability Tags
crypto · requires-wallet · can-make-purchases · requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The declared purpose (SSH-based, read-only server inspection) aligns with the files and documentation: targets.yaml/checks.yaml, SSH key usage, and scripts for Node/Python implementations are expected. The skill does not request unrelated cloud credentials or unusual config paths in its metadata, which is coherent with its stated purpose.
Instruction Scope
SKILL.md tightly constrains runtime behavior (allowlist of commands from references/checks.yaml, key-based SSH, non-interactive BatchMode, single target). However the actual enforcement of these constraints depends on the implementation in scripts/inspect.py and scripts/inspect.mjs. Those script sources were not provided in the review excerpt, so we cannot confirm they actually implement strict allowlisting, prevent network connections other than the target, avoid reading unrelated files or environment variables, or avoid exfiltration. The SKILL.md explicitly allows reading the SSH private key at keyPath and the two references files — reading the private key is necessary for SSH but is sensitive and worth auditing in the code path that uses it.
Install Mechanism
No install spec is present (instruction-only), which means nothing is downloaded or installed automatically by the registry. This is lower-risk than remote installers. The skill does include executable scripts which will be run by the agent/platform at invocation rather than installed system-wide.
Credentials
No environment variables, special config paths, or credentials are declared in registry metadata — appropriate for an SSH-key-based inspection tool. That said, because the implementation code was not inspected here, it is unknown whether the scripts read additional environment variables or unexpected files at runtime. The declared requirement to read the SSH private key from keyPath is proportionate but is a sensitive operation that should be implemented carefully (proper file permissions, no logging of the key).
Persistence & Privilege
The skill does not request always:true and is user-invocable only; it does not claim to persistently modify agent configuration or system-wide settings. That is proportionate for this functionality.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install li-sentry-check
  3. After installation, invoke the skill by name or use /li-sentry-check
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.4.0
  • Added support for specifying output format (Markdown or JSON) and writing reports to a file in both Python and Node.js scripts.
  • Expanded and clarified CLI option documentation in SKILL.md, including additional explanations for --format and --output.
  • Improved help and argument validation for both scripts: now shows usage and validates input options more robustly.
  • No breaking changes; existing usage remains compatible.
v0.3.0
  • Added an explicit Security Declaration section to SKILL.md, clarifying strict read-only operations and listing prohibited behaviors.
  • Documented exactly which files and connections are accessed, improving auditability.
  • No changes were made to functionality; this release improves documentation and transparency for security review.
v0.2.0
li-sentry-check v0.2.0

  • No file changes detected in this release.
  • Documentation and skill usage remain unchanged from the previous version.
v0.1.0
Initial release of li_sentry_check: A multi-platform, read-only server inspection and health check tool over SSH.

  • Supports Linux server checks via SSH key authentication with no state changes.
  • Compatible with NanoBot, OpenClaw, and Hermes (Python and Node.js implementations).
  • Checks CPU, memory, disk, network, services, security, and more, outputting structured Markdown reports with anomaly highlighting.
  • Extensible via YAML files for targets, checks, and check groups.
  • Strict security: only allowlist commands, SSH key login, and no password support.
  • Detailed documentation provided in SKILL.md, including usage, extension, and best practices.
Metadata
Slug li-sentry-check
Version 0.4.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Li Sentry Check?

Multi-platform server inspection and health check skill. SSH into remote Linux servers using key-based authentication, run read-only inspection commands (CPU... It is an AI Agent Skill for Claude Code / OpenClaw, with 56 downloads so far.

How do I install Li Sentry Check?

Run "/install li-sentry-check" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Li Sentry Check free?

Yes, Li Sentry Check is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Li Sentry Check support?

Li Sentry Check is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Li Sentry Check?

It is built and maintained by Terry S Fisher (@43622283); the current version is v0.4.0.
