suhteevah

logsentry

Author: suhteevah · GitHub · v1.0.0 · MIT-0
Platforms: darwin, linux, win32 · Security check passed
Total downloads: 85 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install logsentry
Description
Logging quality & observability analyzer -- detects missing structured logging, sensitive data in logs, inconsistent log levels, and log injection vulnerabil...
Usage (SKILL.md)

LogSentry -- Logging Quality & Observability Analyzer

LogSentry scans codebases for logging anti-patterns, missing structured logging, sensitive data exposure in log output, inconsistent log levels, missing correlation IDs, and log injection vulnerabilities. It uses regex-based pattern matching against 90 logging-specific patterns across 6 categories, lefthook for git hook integration, and produces markdown reports with actionable remediation guidance. 100% local. Zero telemetry.

Commands

Free Tier (No license required)

logsentry scan [file|directory]

One-shot logging quality scan of files or directories.

How to execute:

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [target]

What it does:

  1. Accepts a file path or directory (defaults to current directory)
  2. Discovers all source files (skips .git, node_modules, binaries, images, .min.js)
  3. Runs 30 logging quality patterns against each file (free tier limit)
  4. Calculates a logging quality score (0-100) per file and overall
  5. Grades: A (90-100), B (80-89), C (70-79), D (60-69), F (<60)
  6. Outputs findings with: file, line number, check ID, severity, description, recommendation
  7. Exit code 0 if score >= 70, exit code 1 if logging quality is poor
  8. Free tier limited to first 30 patterns (SL + LL categories)

Example usage scenarios:

  • "Scan my code for logging issues" -> runs logsentry scan .
  • "Check this file for logging anti-patterns" -> runs logsentry scan src/server.ts
  • "Find sensitive data in my logs" -> runs logsentry scan src/
  • "Audit logging quality in my project" -> runs logsentry scan .
  • "Check for log injection vulnerabilities" -> runs logsentry scan .

Pro Tier ($19/user/month -- requires LOGSENTRY_LICENSE_KEY)

logsentry scan --tier pro [file|directory]

Extended scan with 60 patterns covering structured logging, log levels, sensitive data, and log injection.

How to execute:

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [target] --tier pro

What it does:

  1. Validates Pro+ license
  2. Runs 60 logging patterns (SL, LL, SD, LI categories)
  3. Detects sensitive data in logs (passwords, tokens, PII)
  4. Identifies log injection vulnerabilities
  5. Full category breakdown reporting

logsentry scan --format json [directory]

Generate JSON output for CI/CD integration.

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --format json

logsentry scan --format html [directory]

Generate HTML report for browser viewing.

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --format html

logsentry scan --category SD [directory]

Filter scan to a specific check category (SL, LL, SD, LI, CI, OB).

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --category SD

Team Tier ($39/user/month -- requires LOGSENTRY_LICENSE_KEY with team tier)

logsentry scan --tier team [directory]

Full scan with all 90 patterns across all 6 categories including correlation IDs and observability.

How to execute:

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --tier team

What it does:

  1. Validates Team+ license
  2. Runs all 90 patterns across 6 categories
  3. Includes correlation/context checks (missing request IDs, trace IDs)
  4. Includes observability checks (missing metrics, health checks, audit trails)
  5. Full category breakdown with per-file results

logsentry scan --verbose [directory]

Verbose output showing every matched line and pattern details.

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --verbose

logsentry status

Show license and configuration information.

bash "<SKILL_DIR>/scripts/dispatcher.sh" status

Check Categories

LogSentry detects 90 logging anti-patterns across 6 categories:

| Category | Code | Patterns | Description | Severity Range |
|---|---|---|---|---|
| Structured Logging | SL | 15 | Missing structured logging, print/println instead of loggers, string concatenation in log messages, missing log context fields | medium -- high |
| Log Levels | LL | 15 | Incorrect log level usage, debug in production, missing error-level for exceptions, inconsistent level patterns | low -- high |
| Sensitive Data | SD | 15 | Passwords/tokens/PII in log output, logging request bodies, credit card patterns, SSN/email exposure | high -- critical |
| Log Injection | LI | 15 | Unsanitized user input in logs, newline injection, CRLF attacks, format string vulnerabilities | high -- critical |
| Correlation & Context | CI | 15 | Missing request/trace IDs, missing correlation IDs, no structured context, inconsistent timestamp formats | low -- medium |
| Observability | OB | 15 | Missing metrics emission, no health check logging, missing audit trail events, absent error rate tracking | low -- medium |

Tier-Based Pattern Access

| Tier | Patterns | Categories |
|---|---|---|
| Free | 30 | SL, LL |
| Pro | 60 | SL, LL, SD, LI |
| Team | 90 | SL, LL, SD, LI, CI, OB |
| Enterprise | 90 | SL, LL, SD, LI, CI, OB + priority support |

Scoring

LogSentry uses a deductive scoring system starting at 100 (perfect):

| Severity | Point Deduction | Description |
|---|---|---|
| Critical | -25 per finding | Severe security issue (sensitive data exposure, injection) |
| High | -15 per finding | Significant quality problem (missing loggers, concatenation) |
| Medium | -8 per finding | Moderate concern (debug levels, missing context) |
| Low | -3 per finding | Informational / best practice suggestion |

Grading Scale

| Grade | Score Range | Meaning |
|---|---|---|
| A | 90-100 | Excellent logging quality |
| B | 80-89 | Good logging with minor issues |
| C | 70-79 | Acceptable but needs improvement |
| D | 60-69 | Poor logging quality |
| F | Below 60 | Critical logging problems |

  • Pass threshold: 70 (Grade C or better)
  • Exit code 0 = pass (score >= 70)
  • Exit code 1 = fail (score < 70)
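
The deduction table, grading scale and exit-code gate above, worked through as an added example (not LogSentry's own code). The three rules, the floor of 0 on the score, and counting a line once per rule it matches are assumptions made for illustration; the sample source is constructed.

```shell
# Added example: rules are hypothetical, not LogSentry's own patterns.
# One rule per line: severity|extended regex (the regex may contain '|').
RULES='critical|log(ger)?\.[a-z]+\(.*(password|token|secret)
high|^[[:space:]]*(print|console\.log)\(
medium|log(ger)?\.debug\('

# Points deducted per finding, taken from the scoring table.
deduction() {
  case "$1" in
    critical) echo 25 ;;
    high)     echo 15 ;;
    medium)   echo 8 ;;
    low)      echo 3 ;;
    *)        echo 0 ;;
  esac
}

# Read source on stdin, print its score (floor at 0 assumed); subshell body keeps variables local.
score_source() (
  src=$(cat)
  score=100
  while IFS='|' read -r sev re; do
    n=$(printf '%s\n' "$src" | grep -Ec -- "$re" || true)
    score=$(( score - n * $(deduction "$sev") ))
  done <<EOF
$RULES
EOF
  if [ "$score" -lt 0 ]; then score=0; fi
  echo "$score"
)

# Map a score to the letter grade from the grading scale.
grade() {
  if   [ "$1" -ge 90 ]; then echo A
  elif [ "$1" -ge 80 ]; then echo B
  elif [ "$1" -ge 70 ]; then echo C
  elif [ "$1" -ge 60 ]; then echo D
  else echo F
  fi
}

# Exit status mirrors the documented gate: 0 if score >= 70, otherwise 1.
gate() { [ "$1" -ge 70 ]; }
# Constructed sample: a clean call, a debug call logging a token, a bare print.
SAMPLE='logger.info("user logged in", {"user_id": uid})
logger.debug("auth token=" + token)
print("starting worker")'
s=$(printf '%s\n' "$SAMPLE" | score_source)
echo "score=$s grade=$(grade "$s")"
```

The second sample line is counted twice, once as a critical sensitive-data finding and once as a medium debug-level finding, which is why a three-line file can already fall below the pass threshold.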

Configuration

Users can configure LogSentry in ~/.openclaw/openclaw.json:

{
  "skills": {
    "entries": {
      "logsentry": {
        "enabled": true,
        "apiKey": "YOUR_LICENSE_KEY_HERE",
        "config": {
          "severityThreshold": "medium",
          "ignorePatterns": ["**/test/**", "**/fixtures/**", "**/*.test.*"],
          "ignoreChecks": [],
          "reportFormat": "text"
        }
      }
    }
  }
}

Important Notes

  • Free tier works immediately with no configuration
  • All scanning happens locally -- no code is sent to external servers
  • License validation is offline -- no phone-home or network calls
  • Pattern matching only -- no AST parsing, no external dependencies beyond bash
  • Supports scanning all file types in a single pass
  • Git hooks use lefthook which must be installed (see install metadata above)
  • Exit codes: 0 = pass (score >= 70), 1 = fail (for CI/CD integration)
  • Output formats: text (default), json, html

Error Handling

  • If lefthook is not installed and user tries hooks, prompt to install it
  • If license key is invalid or expired, show clear message with link to https://logsentry.pages.dev/renew
  • If a file is binary, skip it automatically with no warning
  • If no scannable files found in target, report clean scan with info message
  • If an invalid category is specified with --category, show available categories

When to Use LogSentry

The user might say things like:

  • "Scan my code for logging issues"
  • "Check my logging quality"
  • "Find sensitive data in my logs"
  • "Detect log injection vulnerabilities"
  • "Are there any passwords being logged?"
  • "Check for missing structured logging"
  • "Audit my observability practices"
  • "Find inconsistent log levels"
  • "Check for missing correlation IDs"
  • "Scan for logging anti-patterns"
  • "Run a logging quality audit"
  • "Generate a logging quality report"
  • "Check if user input is being logged unsafely"
  • "Find print statements that should be logger calls"
  • "Check my code for log injection risks"
Safe usage advice
LogSentry appears to be what it claims: a local, regex-based logging-quality scanner that can integrate with git hooks and uses an optional license key (LOGSENTRY_LICENSE_KEY). Before installing:
  1. Review the scripts locally (dispatcher.sh, analyzer.sh, patterns.sh, license.sh) if you can — they run locally and do not send data externally.
  2. Be aware that installing hooks will modify your repository's lefthook.yml and will run scans on staged files (you can skip hooks with git commit --no-verify but that bypasses protections).
  3. If you don't want the skill to probe your OpenClaw config, do not store a license in ~/.openclaw/openclaw.json or unset LOGSENTRY_LICENSE_KEY; the script will look there for convenience.
  4. Ensure you have lefthook installed from a trusted source (brew install lefthook) and that grep, bash, and optional tools (python3/node/jq/openssl) are available if you expect full functionality.
  5. If any part of the behavior feels unexpected (automatic repo modification, scanning sensitive files), run the tool in a sandboxed copy of your repository first.
Functional analysis
Type: OpenClaw Skill
Name: logsentry
Version: 1.0.0
LogSentry is a legitimate logging audit and observability tool designed to scan local codebases for security anti-patterns, such as sensitive data exposure (SD-001 to SD-015) and log injection vulnerabilities (LI-001 to LI-015). The skill bundle consists of Bash scripts (analyzer.sh, dispatcher.sh) that perform regex-based pattern matching locally, generate reports in multiple formats (JSON, HTML, Markdown), and integrate with Git hooks via lefthook. The license validation logic in license.sh is entirely offline and JWT-based, and there is no evidence of data exfiltration, telemetry, or unauthorized network activity.
Capability tags
crypto, requires-wallet, can-make-purchases, requires-oauth-token
Capability assessment
Purpose & Capability
Name/description (logging/observability analyzer) match the shipped scripts (dispatcher.sh, analyzer.sh, patterns.sh, license.sh). Required binaries (git, bash) and the brew install of lefthook are coherent for an agent that installs git hooks and runs shell-based pattern scans. Minor mismatch: README and scripts rely on grep and optional tools (python3, node, jq, openssl, base64) as fallbacks, but the skill metadata only declared git and bash.
Instruction Scope
Runtime instructions call local shell scripts to discover and scan files, produce text/JSON/HTML reports, and optionally install lefthook git hooks. The scripts read files under the target path and (for license lookup) ~/.openclaw/openclaw.json; they do not contact remote endpoints. Note: installing the hooks will cause scans to run on staged files (pre-commit/pre-push), which means the skill will read any code you stage — including files that may contain secrets. This behavior is expected for a git-hook-integrated scanner, but you should be aware it reads repo files and the local OpenClaw config.
Install Mechanism
Install uses a known package (lefthook) via Homebrew, and the scripts provide instructions to copy config/lefthook.yml and run lefthook install. No archived downloads, personal servers, or obfuscated installers are used in the included install spec.
Credentials
The single primary credential LOGSENTRY_LICENSE_KEY is proportionate to a tiered (Pro/Team) scanner. The license module will also attempt to read ~/.openclaw/openclaw.json to retrieve a stored apiKey if the env var is not set — this is reasonable for convenience but means the skill will parse a local config file that may contain other keys for the user. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request always:true and allows normal user invocation. Installing hooks modifies repository-level lefthook.yml (or appends to it) and runs lefthook install — this is expected for integrating a pre-commit/pre-push scanner but is a persistent change to your git repo configuration and can block commits if findings are high/critical.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install logsentry
  3. Once installed, invoke the Skill by name or trigger it with /logsentry
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v1.0.0
Initial release of LogSentry – logging quality & observability analyzer.
  • Scans codebases for logging anti-patterns, missing structured logging, sensitive data exposure, inconsistent log levels, and log injection vulnerabilities.
  • Supports 3 tiers: Free (30 patterns), Pro (60 patterns), Team (90 patterns across 6 categories).
  • Outputs actionable markdown reports with grading (A–F) and logging quality scores.
  • 100% local execution, no telemetry, and offline license validation.
  • Integrates with git hooks via lefthook.
  • Multiple output formats: text, JSON, HTML.
Metadata
Slug: logsentry
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Versions: 1
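FAQ

What is logsentry?

Logging quality & observability analyzer -- detects missing structured logging, sensitive data in logs, inconsistent log levels, and log injection vulnerabil... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 85 total downloads to date.

How do I install logsentry?

Run the command "/install logsentry" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.

Is logsentry free?

Yes, logsentry is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does logsentry support?

logsentry is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin, linux, win32).

Who developed logsentry?

Developed and maintained by suhteevah (@suhteevah); the current version is v1.0.0.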
