80 Downloads · 1 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw: `/install security-sentinel-ultimate`
Description
Scans a skill directory for security issues and best practices
Usage Guidance
This scanner appears to do what it claims, but take care before scanning sensitive directories: the report will include any hardcoded secrets or reconstructed strings it finds, and those results may be sent wherever the agent normally sends outputs. If you plan to scan private code, run the tool locally or in an isolated environment and review the generated Markdown output (or redact findings) before sharing. If you want extra assurance, review scanner.py yourself to confirm there are no unexpected network calls or exfiltration paths (none were found in the provided source).
Capability Analysis
Type: OpenClaw Skill
Name: security-sentinel-ultimate
Version: 0.3.0
The skill is a security scanner that uses Python's AST module in `scanner.py` to detect dangerous coding patterns, hardcoded secrets, and obfuscation techniques. While the code logic is well-implemented and aligned with its stated purpose, the skill is classified as suspicious due to a critical shell injection vulnerability in `SKILL.md`. The `scan_skill` tool passes the user-provided `path` argument directly into a shell command (`python3 ... "{{path}}"`) without sanitization, which could allow an attacker to execute arbitrary commands by including shell metacharacters (e.g., quotes and semicolons) in the path.
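The shell injection described above, as an added illustration that is not the skill's own code: the first builder mirrors the unsafe `python3 scanner.py "{{path}}"` template from SKILL.md, and the two hardened builders either quote the path or hand it to `subprocess` as a single argv element. The scanner's location and the sample paths are assumptions.

```python
"""Added illustration of the scan_skill shell-injection issue described above.
Not the skill's own code: the template shape python3 scanner.py "{{path}}" comes
from the page; SCANNER's location and the sample paths below are constructed."""
import shlex
import subprocess
from typing import List

SCANNER = "scanner.py"  # assumed: the packaged scanner, run from the skill directory


def build_shell_command(path: str) -> str:
    """Unsafe: mirrors the SKILL.md template, interpolating the raw path into a shell string."""
    return f'python3 {SCANNER} "{path}"'


def build_shell_command_quoted(path: str) -> str:
    """Safer when a shell string is unavoidable: shlex.quote keeps the path a single word."""
    return f"python3 {SCANNER} {shlex.quote(path)}"


def build_argv(path: str) -> List[str]:
    """Safest: an argv list run without a shell, so the path is never parsed at all."""
    return ["python3", SCANNER, path]


def shell_tokens(command: str) -> List[str]:
    """Tokenise a command the way a POSIX shell would, with ; | & ( ) < > as separate tokens."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


def escapes_argument(path: str) -> bool:
    """True if the unsafe template lets the path introduce a separator or redirection."""
    operators = {";", "|", "&", "||", "&&", "<", ">", "(", ")"}
    return any(tok in operators for tok in shell_tokens(build_shell_command(path)))


def run_scanner(path: str) -> subprocess.CompletedProcess:
    """Hardened invocation: the path reaches scanner.py as exactly one argument."""
    return subprocess.run(build_argv(path), capture_output=True, text=True, check=False)


if __name__ == "__main__":
    benign = "/tmp/skills/example"            # constructed sample path
    hostile = '/tmp/x"; echo injected; "'     # constructed sample containing metacharacters
    for p in (benign, hostile):
        print(repr(p), "-> unsafe:", shell_tokens(build_shell_command(p)), "escapes:", escapes_argument(p))
        print("   quoted:", shell_tokens(build_shell_command_quoted(p)))
        print("   argv:  ", build_argv(p))
```

`escapes_argument` is a review aid for spotting the defect in a template; the fix is to use `build_argv` (or, failing that, `shlex.quote`) rather than to filter paths.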
Capability Assessment
Purpose & Capability
Name and description match the included artifacts: SKILL.md defines a scan_skill tool that runs the packaged scanner.py against a target skill directory. The skill declares no binaries, env vars, or installs it doesn't use — all required pieces are proportional to a static code scanner.
Instruction Scope
SKILL.md instructs the agent to execute scanner.py against all .py files in the target directory (expected for a scanner). Important caveat: the scanner intentionally finds hardcoded secrets and reconstructs obfuscated strings, and will include findings in its Markdown output — that output can contain sensitive secret material from the scanned code if present. The instructions do not themselves direct results to external endpoints, but the agent running the tool may transmit scan output elsewhere.
Install Mechanism
No install spec (instruction-only) and no external downloads — scanner.py is executed in-place. This is low-risk relative to install scripts or networked installs.
Credentials
The skill requests no environment variables or credentials. The scanner inspects files for secrets but does not require any credentials itself; the scope of access (reading files in the target directory) is appropriate to the task.
Persistence & Privilege
Skill is not configured as always:true and does not request persistent system-wide privileges. It runs on demand and only operates on the provided directory path.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install security-sentinel-ultimate`
- After installation, invoke the skill by name or use `/security-sentinel-ultimate`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.0
- Improved documentation with detailed detection categories and severity model explanations.
- Added a new severity tier system (Critical, Warning, OK) with clear definitions and reporting for individual files and overall status.
- Expanded detection capabilities: flags dangerous calls, hardcoded secrets, risky network calls, multiple obfuscation techniques, and hidden files.
- Enhanced scan analysis: now catches secret construction through string concatenation and `chr()` sequences.
- Clarified tool usage instructions with updated arguments and execution details for easier integration.
Frequently Asked Questions
What is Security Sentinel Ultimate?
Scans a skill directory for security issues and best practices. It is an AI Agent Skill for Claude Code / OpenClaw, with 80 downloads so far.
How do I install Security Sentinel Ultimate?
Run "/install security-sentinel-ultimate" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Security Sentinel Ultimate free?
Yes, Security Sentinel Ultimate is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Security Sentinel Ultimate support?
Security Sentinel Ultimate is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Security Sentinel Ultimate?
It is built and maintained by Peter Lum (@liverock); the current version is v0.3.0.