Downloads: 153
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install skill-sentinel
Description
Scan OpenClaw skill directories for high-signal security risks such as download-and-execute chains, obfuscated execution, and suspicious callbacks.
Usage Guidance
ClawShield appears to be what it says: a local static scanner implemented in Node. Before installing or running it:
1) Be aware it will read text files in the target directory and will include matching line snippets (up to 160 chars) in outputs; this can surface secrets if you point it at repos containing .env or other secrets. Avoid scanning directories with sensitive credentials unless you run the tool in a safe, isolated environment.
2) The tool supports suppressions stored in .clawshield-suppressions.json but only honors entries with non-empty justifications; review suppressions carefully before relying on them in CI.
3) There are no network calls or credentials requested by the tool itself, and it doesn't modify other skills or system settings. If you plan to automate this in CI, ensure SARIF/JSON outputs are consumed only by trusted systems and that you don't inadvertently expose scanned content publicly.
Capability Analysis
Type: OpenClaw Skill
Name: skill-sentinel
Version: 1.0.0
ClawShield is a static security scanner designed to detect high-risk patterns in OpenClaw skills, such as download-and-execute chains, obfuscated code, and social engineering prompts. The bundle includes intentional security violations within a `fixtures/` directory (e.g., `fixtures/malicious-skill/scripts/install.sh` and `fixtures/malicious-skill/SKILL.md`) specifically for testing its detection logic. The core implementation in `src/index.js` is a straightforward regex-based scanner, and the instructions in `SKILL.md` are consistent with its stated purpose as a security utility.
Capability Assessment
Purpose & Capability
The skill is described as a static scanner for risky skill patterns and the code implements exactly that. The declared required binary (node) and the CLI entrypoint (bin/clawshield.js -> src/index.js) are appropriate. The included fixtures and tests exercise the scanner behavior, which is consistent with the description.
Instruction Scope
The SKILL.md instructs running the CLI to scan a skill directory and to use suppressions and SARIF output—this matches the implementation. One relevant scope detail: the scanner will read files it deems text, and it explicitly includes a top-level .env file in scans. The tool captures snippets of matching lines (up to 160 chars) and will therefore surface contents of files it reads. The README/SKILL.md do not explicitly warn that .env will be scanned or that sensitive secrets might appear in outputs, so users should avoid pointing the scanner at directories containing secrets if those outputs will be shared.
Install Mechanism
No install spec is provided (instruction-only skill) and the code bundle is contained in the skill. There are no remote downloads or archive extracts performed by installation. Running the tool requires only Node.js, which is reasonable for a Node-based CLI.
Credentials
The skill requests no environment variables, credentials, or config paths. This is proportionate to a local static scanner.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system configuration. It is user-invocable and can run autonomously by an agent (the platform default), which is appropriate for a CLI scanner.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install skill-sentinel`
- After installation, invoke the skill by name or use `/skill-sentinel`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release. Static security scanner for OpenClaw skill directories with risk scoring, SARIF export, and CI-friendly checks.
Frequently Asked Questions
What is Skill Sentinel?
Skill Sentinel scans OpenClaw skill directories for high-signal security risks such as download-and-execute chains, obfuscated execution, and suspicious callbacks. It is an AI Agent Skill for Claude Code / OpenClaw, with 153 downloads so far.
How do I install Skill Sentinel?
Run "/install skill-sentinel" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Sentinel free?
Yes, Skill Sentinel is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Skill Sentinel support?
Skill Sentinel is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Skill Sentinel?
It is built and maintained by mike007jd (@mike007jd); the current version is v1.0.0.