zengbiaojie

sentryskills

by BiaoJie Zeng · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
Downloads: 120
Stars: 1
Active Installs: 0
Versions: 2
Install in OpenClaw
/install sentryskills
Description
SentrySkills - Automatic security guard that runs on EVERY task. Protects against prompt injection, data leaks, unsafe commands, and code vulnerabilities wit...
Usage Guidance
What to check before enabling or installing:

- Review the main runtime script: open shared/scripts/self_guard_runtime_hook_template.py (it's large). Confirm it does only local analysis and does not call remote endpoints or exfiltrate data. Search for network sockets, HTTP clients, or hardcoded URLs.
- Understand what you will hand the guard: the SKILL.md requires providing absolute project_path, planned_actions, and candidate_response. These can include secrets or full file paths — consider whether you want that data sent to/processed by the guard.
- Run it in a sandbox first: install into an isolated account/container and exercise its test scripts (test_integration.py, test_predictive_analysis.py) to see file writes and log output before enabling globally.
- Inspect logging and storage: default log dir is ./sentry_skill_log/ and the code will attempt to write per-turn logs and a .self_guard_state directory. Ensure log locations and retention meet your privacy/policy requirements.
- Check for optional telemetry: the code will integrate with structlog/prometheus/jsonschema if present. If you don't want metrics exported, ensure those libraries are not installed or check for any HTTP/remote push logic in the code.
- Be careful with global activation: the package shows how to append a command to AGENTS.md to run the hook before every response — that gives the skill coverage over all agent outputs. Only enable globally if you trust the code and maintainers.
- Source/trust: registry metadata shows no homepage and the owner id is opaque. Prefer packages with a public repository and an author you trust; if you proceed, verify the repository and commit history.

If you want, I can scan the large runtime script for network calls, subprocess.exec usage, or other high-risk operations and summarize specific lines to review next.
Capability Assessment
Purpose & Capability
Name/description (always-on self-guard) match the included code: multiple scripts for preflight, runtime, and output stages are present. The package claims 'zero external dependencies' and the code defensively falls back when optional packages are missing (jsonschema, structlog, prometheus_client) — this is coherent. Minor mismatch: the top-level SKILL.md repeatedly says it 'runs on EVERY task' yet the skill metadata has always:false and activation requires a manual AGENTS.md change; this is a policy/activation mismatch but not necessarily malicious.
Instruction Scope
Runtime instructions require constructing an input JSON that must include an absolute project_path and planned_actions/candidate_response, running the self_guard_runtime_hook_template.py before every output, and writing structured logs (./sentry_skill_log/ by default). That means the guard expects (and will process) full prompt text, planned actions, and a project path — potentially exposing file-system paths and content. The instructions also say the agent should 'monitor file ops, network calls' — but the mechanism for live monitoring depends on the environment/instrumentation; absent such integration, the script will rely on the provided input and on filesystem access. Requiring absolute project_path and instructing fallback to writable temp dirs increases the chance the skill will read/write files outside the agent sandbox if enabled.
Install Mechanism
No install spec is provided in registry metadata (instruction-only), which is lower risk than arbitrary remote installers. However the package contains many code files (scripts, policies, templates) that will be placed on disk when the skill is installed. The README mentions installing from a GitHub repo or via a third-party CLI (clawhub) — those are manual flows outside the registry and should be examined separately. There is no evidence of downloads from untrusted URLs in the package itself.
Credentials
The skill does not request environment variables, credentials, or special config paths in its metadata. Code references optional env vars for logging/metrics (TRINITYGUARD_ENVIRONMENT, TRINITYGUARD_VERSION) and conditionally uses optional libraries if present. The main proportionality concern is functional: the runtime requires an absolute project_path and candidate responses (which could include secrets) to operate — giving the guard that context is necessary for its function but also increases data exposure surface. No explicit external API keys or unrelated credentials are requested.
Persistence & Privilege
The skill metadata does not set always:true and does not demand system-wide privileges. But the package's intended deployment model is to be added into AGENTS.md so it runs before every response; that is a powerful capability because, once enabled, it processes all prompts/responses and writes per-turn logs to disk. If enabled globally, it effectively becomes always-on by configuration (user action required). Autonomous invocation by the agent is permitted (disable-model-invocation:false) — this is normal but, combined with global activation, increases blast radius.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install sentryskills
  3. After installation, invoke the skill by name or use /sentryskills
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Initial public release of SentrySkills.

- Provides always-on, three-stage security (preflight, runtime, output) for every agent task.
- Detects prompt injection, data leaks, unsafe commands, and code vulnerabilities with zero external dependencies.
- Includes predictive risk analysis and detailed event logging.
- Ships with multiple policy profiles and full documentation for setup and recommended usage.
- Default log directory changed from `.codex/logs/` to `sentry_skill_log/` for summary and event logs.
v1.0.0
Initial release of SentrySkills – Always-On Security Guard for Codex agents.

- Automatic, multi-stage protection against prompt injection, data leaks, unsafe commands, and code vulnerabilities.
- Three-stage guard: preflight intent analysis, runtime monitoring, and output validation/redaction.
- Zero external dependencies; fully local processing with no LLM/API calls.
- Policy profiles for balanced, strict, or permissive security.
- Structured event logging with audit trails and trace IDs for every decision.
- Simple integration into Codex via a single AGENTS.md update.
Metadata
Slug: sentryskills
Version: 1.0.1
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 2
Frequently Asked Questions

What is sentryskills?

SentrySkills - Automatic security guard that runs on EVERY task. Protects against prompt injection, data leaks, unsafe commands, and code vulnerabilities wit... It is an AI Agent Skill for Claude Code / OpenClaw, with 120 downloads so far.

How do I install sentryskills?

Run "/install sentryskills" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is sentryskills free?

Yes, sentryskills is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does sentryskills support?

sentryskills is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created sentryskills?

It is built and maintained by BiaoJie Zeng (@zengbiaojie); the current version is v1.0.1.
