← Back to Skills Marketplace
atlaspa

Openclaw Sentry

by AtlasPA · GitHub ↗ · v1.0.2
darwinlinuxwin32 ⚠ suspicious
1593
Downloads
1
Stars
4
Active Installs
3
Versions
Install in OpenClaw
/install openclaw-sentry
Description
Scan workspace files for leaked secrets: API keys, tokens, passwords, private keys, and credentials. Detects AWS, GitHub, Slack, Stripe, OpenAI, Anthropic, Google, Azure keys and more. Free alert layer — upgrade to openclaw-sentry-pro for automated redaction, quarantine, and defense.
Usage Guidance
This skill will scan and can modify files in whatever workspace you point it at. Before installing or running it: 1) Verify provenance — the package has no homepage and an unknown source; prefer code from a known repository or author. 2) Inspect the bundled scripts/sentry.py yourself (you have it) to confirm behaviors you accept — especially redact/quarantine/defend commands that move or overwrite files. 3) Run in a safe environment first (copy of workspace, container, or test folder) and run only read-only commands like 'scan' or 'status' before using 'redact'/'quarantine'. 4) Backup the workspace before any destructive commands. 5) If you expect only an 'alert-only' tool, ask the maintainer why redaction/quarantine features are present in the free bundle or obtain a version that is strictly read-only. 6) If you need help auditing specific functions in the script (redact/quarantine/defend), share those code snippets and I can summarize exactly what they will change.
Capability Analysis
Type: OpenClaw Skill Name: openclaw-sentry Version: 1.0.2 The OpenClaw Sentry skill is a security tool designed to scan for, redact, quarantine, and defend against leaked secrets within an agent's workspace. The Python script `sentry.py` implements these features using only standard library modules, with no external dependencies or network calls. While it performs powerful file modifications (redacting secrets, moving files to quarantine, updating .gitignore), these actions are explicitly part of its stated defensive purpose and include safeguards like creating backups. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts designed to harm the agent or system. The skill's capabilities are aligned with its security objective.
Capability Assessment
Purpose & Capability
Name/description match the included functionality (workspace secret scanning) and the only required binary is python3 — that is coherent. However the published description advertises a 'free alert layer' with redaction/quarantine/defense behind a paid upgrade, while the included script exposes commands (redact, quarantine, unquarantine, defend, protect) that perform modifications locally. The presence of destructive/defensive features inside a skill advertised as 'alert only' is an unexplained mismatch.
Instruction Scope
SKILL.md instructs running scripts/sentry.py against a workspace, which is consistent with scanning. But the documented commands include redact/quarantine/defend/protect in addition to scan/check/status — these operations will modify, move, or write files inside the workspace (create .quarantine, modify files for redaction, potentially write .gitignore or policy files). The instructions also auto-detect a workspace from OPENCLAW_WORKSPACE or default paths, meaning the skill can be pointed at broad directories; confirm you understand which path will be scanned and modified.
Install Mechanism
No install spec (instruction-only) and the only required runtime is python3. The code file is bundled inside the skill (scripts/sentry.py) and uses only Python standard library modules — there are no downloads or external install steps. This low-install footprint reduces supply-chain risk, provided the bundled code is trusted.
Credentials
The skill declares no required environment variables or credentials. The script will optionally read OPENCLAW_WORKSPACE (auto-detection) if not given an explicit --workspace; this is reasonable for workspace detection. It does not request cloud credentials or tokens to perform scanning/exfiltration (no network libraries observed).
Persistence & Privilege
The skill is not always:true and is user-invocable only, which is appropriate. However it intentionally writes to and reorganizes workspace content (quarantine directory, potential redactions, .gitignore/policy files). Those side effects are persistent and could remove or alter files. The skill does not require elevated platform privileges, but its file-modifying capabilities are powerful and should be run only with explicit user consent and backups.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-sentry
  3. After installation, invoke the skill by name or use /openclaw-sentry
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Removed references to the paid "openclaw-sentry-pro" product and related upgrade information from documentation. - Simplified SKILL.md by deleting external promo links while clarifying core features. - No changes to skill functionality; updates are documentation-only.
v1.0.1
- Updated documentation in README.md for clarity and completeness. - No core functionality changes; code and features remain the same.
v1.0.0
Initial release of openclaw-sentry. - Scans agent workspace files for leaked secrets: API keys, tokens, passwords, private keys, and credentials. - Detects keys for AWS, GitHub, Slack, Stripe, OpenAI, Anthropic, Google, Azure, and more. - Provides commands for full scan, individual file check, and quick status summary. - Uses exit codes to indicate clean, warning, or critical findings. - Runs locally with no external dependencies; supports macOS, Linux, and Windows.
Metadata
Slug openclaw-sentry
Version 1.0.2
License
All-time Installs 4
Active Installs 4
Total Versions 3
Frequently Asked Questions

What is Openclaw Sentry?

Scan workspace files for leaked secrets: API keys, tokens, passwords, private keys, and credentials. Detects AWS, GitHub, Slack, Stripe, OpenAI, Anthropic, Google, Azure keys and more. Free alert layer — upgrade to openclaw-sentry-pro for automated redaction, quarantine, and defense. It is an AI Agent Skill for Claude Code / OpenClaw, with 1593 downloads so far.

How do I install Openclaw Sentry?

Run "/install openclaw-sentry" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Openclaw Sentry free?

Yes, Openclaw Sentry is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Openclaw Sentry support?

Openclaw Sentry is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).

Who created Openclaw Sentry?

It is built and maintained by AtlasPA (@atlaspa); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments