sentryskills
Author: BiaoJie Zeng · GitHub · v1.0.1 · MIT-0
120 total downloads · 1 favorite · 0 current installs · 2 versions
Install in OpenClaw: /install sentryskills
Description
SentrySkills - Automatic security guard that runs on EVERY task. Protects against prompt injection, data leaks, unsafe commands, and code vulnerabilities wit...
Safety recommendations
What to check before enabling or installing:
- Review the main runtime script: open shared/scripts/self_guard_runtime_hook_template.py (it's large). Confirm it does only local analysis and does not call remote endpoints or exfiltrate data. Search for network sockets, HTTP clients, or hardcoded URLs.
- Understand what you will hand the guard: the SKILL.md requires providing absolute project_path, planned_actions, and candidate_response. These can include secrets or full file paths — consider whether you want that data sent to/processed by the guard.
- Run it in a sandbox first: install into an isolated account/container and exercise its test scripts (test_integration.py, test_predictive_analysis.py) to see file writes and log output before enabling globally.
- Inspect logging and storage: default log dir is ./sentry_skill_log/ and the code will attempt to write per-turn logs and a .self_guard_state directory. Ensure log locations and retention meet your privacy/policy requirements.
- Check for optional telemetry: the code will integrate with structlog/prometheus/jsonschema if present. If you don't want metrics exported, ensure those libraries are not installed or check for any HTTP/remote push logic in the code.
- Be careful with global activation: the package shows how to append a command to AGENTS.md to run the hook before every response — that gives the skill coverage over all agent outputs. Only enable globally if you trust the code and maintainers.
- Source/trust: registry metadata shows no homepage and the owner id is opaque. Prefer packages with a public repository and an author you trust; if you proceed, verify the repository and commit history.
If you want, I can scan the large runtime script for network calls, subprocess.exec usage, or other high-risk operations and summarize specific lines to review next.
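The first checklist item above asks you to search the runtime script for network clients, process spawning and hardcoded URLs before trusting it. The following is an added example of that static triage (not code from the SentrySkills package): it walks the Python AST of a script and reports the lines worth reading, using a constructed sample that phones home and shells out. Module and attribute lists are assumptions you can extend; point `scan_file` at a real path such as shared/scripts/self_guard_runtime_hook_template.py.

```python
import ast
import re
from pathlib import Path

# Assumed triage lists: modules and calls that warrant a manual look in a "local-only" guard.
NETWORK_MODULES = {"socket", "http", "urllib", "requests", "httpx", "aiohttp", "ftplib", "smtplib"}
PROCESS_MODULES = {"subprocess"}  # flagged on import; os is only flagged on a spawn call
SPAWN_ATTRS = {"run", "call", "check_output", "check_call", "Popen", "system", "popen", "execv", "execvp"}
DYNAMIC_CALLS = {"eval", "exec", "__import__"}
URL_RE = re.compile(r"https?://[^\s'\"<>]+")


def scan_source(source: str, filename: str = "<string>") -> list[tuple[int, str, str]]:
    """Return sorted (line, category, detail) findings for one Python source string."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            names = [a.name for a in node.names] if isinstance(node, ast.Import) else [node.module or ""]
            for name in names:
                top = name.split(".")[0]
                if top in NETWORK_MODULES:
                    findings.append((node.lineno, "network-import", name))
                elif top in PROCESS_MODULES:
                    findings.append((node.lineno, "process-import", name))
        elif isinstance(node, ast.Call):
            f = node.func
            if isinstance(f, ast.Name) and f.id in DYNAMIC_CALLS:
                findings.append((node.lineno, "dynamic-exec", f.id))
            elif (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                  and f.value.id in PROCESS_MODULES | {"os"} and f.attr in SPAWN_ATTRS):
                findings.append((node.lineno, "process-spawn", f"{f.value.id}.{f.attr}"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            for url in URL_RE.findall(node.value):  # hardcoded endpoints inside string literals
                findings.append((node.lineno, "hardcoded-url", url))
    return sorted(findings)


def scan_file(path: str) -> list[tuple[int, str, str]]:
    """Scan a script on disk, e.g. shared/scripts/self_guard_runtime_hook_template.py."""
    return scan_source(Path(path).read_text(encoding="utf-8"), filename=path)


# Constructed sample (not from the package): a hook that exports events and shells out.
SAMPLE = '''import json
import subprocess
from urllib.request import urlopen
ENDPOINT = "https://example.invalid/telemetry"
def report(event):
    urlopen(ENDPOINT, data=json.dumps(event).encode())
def run_cmd(cmd):
    return subprocess.run(cmd, shell=True)
'''
```

Running `scan_source(SAMPLE)` yields four findings: the subprocess import, the urllib import, the hardcoded URL and the `subprocess.run` call, each with its line number so you can read the surrounding code.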
Capability assessment
Purpose & Capability
Name/description (always-on self-guard) match the included code: multiple scripts for preflight, runtime, and output stages are present. The package claims 'zero external dependencies' and the code defensively falls back when optional packages are missing (jsonschema, structlog, prometheus_client) — this is coherent. Minor mismatch: the top-level SKILL.md repeatedly says it 'runs on EVERY task' yet the skill metadata has always:false and activation requires a manual AGENTS.md change; this is a policy/activation mismatch but not necessarily malicious.
Instruction Scope
Runtime instructions require constructing an input JSON that must include an absolute project_path and planned_actions/candidate_response, running the self_guard_runtime_hook_template.py before every output, and writing structured logs (./sentry_skill_log/ by default). That means the guard expects (and will process) full prompt text, planned actions, and a project path — potentially exposing file-system paths and content. The instructions also say the agent should 'monitor file ops, network calls' — but the mechanism for live monitoring depends on the environment/instrumentation; absent such integration, the script will rely on the provided input and on filesystem access. Requiring absolute project_path and instructing fallback to writable temp dirs increases the chance the skill will read/write files outside the agent sandbox if enabled.
Install Mechanism
No install spec is provided in registry metadata (instruction-only), which is lower risk than arbitrary remote installers. However, the package contains many code files (scripts, policies, templates) that will be placed on disk when the skill is installed. The README mentions installing from a GitHub repo or via a third-party CLI (clawhub); those are manual flows outside the registry and should be examined separately. There is no evidence of downloads from untrusted URLs in the package itself.
Credentials
The skill does not request environment variables, credentials, or special config paths in its metadata. Code references optional env vars for logging/metrics (TRINITYGUARD_ENVIRONMENT, TRINITYGUARD_VERSION) and conditionally uses optional libraries if present. The main proportionality concern is functional: the runtime requires an absolute project_path and candidate responses (which could include secrets) to operate — giving the guard that context is necessary for its function but also increases data exposure surface. No explicit external API keys or unrelated credentials are requested.
Persistence & Privilege
The skill metadata does not set always:true and does not demand system-wide privileges. But the package's intended deployment model is to be added into AGENTS.md so it runs before every response; that is a powerful capability because, once enabled, it processes all prompts/responses and writes per-turn logs to disk. If enabled globally, it effectively becomes always-on by configuration (user action required). Autonomous invocation by the agent is permitted (disable-model-invocation:false) — this is normal but, combined with global activation, increases blast radius.
How to use
- Make sure OpenClaw is installed (locally or via Docker).
- Type the install command in the chat box: /install sentryskills
- After installation, call the Skill by name or trigger it with /sentryskills
- Provide the required inputs as described in the Skill's parameter documentation to receive structured output.
Version history
v1.0.1
Initial public release of SentrySkills.
- Provides always-on, three-stage security (preflight, runtime, output) for every agent task.
- Detects prompt injection, data leaks, unsafe commands, and code vulnerabilities with zero external dependencies.
- Includes predictive risk analysis and detailed event logging.
- Ships with multiple policy profiles and full documentation for setup and recommended usage.
- Default log directory changed from `.codex/logs/` to `sentry_skill_log/` for summary and event logs.
v1.0.0
Initial release of SentrySkills – Always-On Security Guard for Codex agents.
- Automatic, multi-stage protection against prompt injection, data leaks, unsafe commands, and code vulnerabilities.
- Three-stage guard: preflight intent analysis, runtime monitoring, and output validation/redaction.
- Zero external dependencies; fully local processing with no LLM/API calls.
- Policy profiles for balanced, strict, or permissive security.
- Structured event logging with audit trails and trace IDs for every decision.
- Simple integration into Codex via a single AGENTS.md update.
FAQ
What is sentryskills?
SentrySkills - Automatic security guard that runs on EVERY task. Protects against prompt injection, data leaks, unsafe commands, and code vulnerabilities wit... It is an AI Agent Skill plugin for Claude Code / OpenClaw with 120 downloads to date.
How do I install sentryskills?
Run the command "/install sentryskills" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is required.
Is sentryskills free?
Yes. sentryskills is completely free under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does sentryskills support?
sentryskills is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who develops sentryskills?
It is developed and maintained by BiaoJie Zeng (@zengbiaojie); the current version is v1.0.1.