← Back to Skills Marketplace

SkillSentryOpenClaw's Always‑On Security Cop

Name: SkillSentryOpenClaw's Always‑On Security Cop
Author: poolguy24

by Poolguy24 · GitHub ↗ · v1.1.0

cross-platform ⚠ suspicious

1110

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install skillsentry

Description

OpenClaw security audit + prompt injection detector. Scans gateway/vulns/cron/PI patterns. Use for frenzy-proofing installs.

Usage Guidance

This package appears to be a local-only OpenClaw auditor, but several things don't add up — the SKILL.md references node scripts (panel-server.js, config.js) and a config.yaml/log path that are not included, and the shell script defaults to a developer's hardcoded path (/Users/BillyAssist/...). Before using/installing: 1) Do not schedule it in cron yet — inspect and run it manually. 2) Read scripts/audit.sh line-by-line and change WORKDIR to your OpenClaw installation (or set WORKDIR env var) so it does not scan an unexpected location. 3) Confirm the commands it calls (openclaw, session_status, nmap) exist and behave as you expect; run audit.sh in a non-privileged account first. 4) Understand it will read local 'memory' and 'skills' directories (these can contain sensitive data); if you do not want that scanned, edit SCAN_PATHS. 5) The UI described in SKILL.md will not run as-is — panel.html is static and no server code is included. 6) Only schedule persistence (cron) after you have validated the script's behavior and outputs and are satisfied it does not transmit data externally. If you need more assurance, ask the author for the missing server/config scripts and an explanation of the hardcoded paths, or run the audit in a controlled environment (container or isolated VM) first.

Capability Analysis

Type: OpenClaw Skill Name: skillsentry Version: 1.1.0 The skill bundle is designed for local security auditing, including scanning for prompt injection patterns and local open ports. The `SKILL.md` explicitly states 'Local-only scans; no network calls outside localhost,' which is confirmed by `scripts/audit.sh` using `nmap` only on `127.0.0.1` and `grep` on local directories. While `SKILL.md` instructs the agent to set up a cron job for the audit script, the `audit.sh` script itself performs only legitimate local checks and does not exhibit any malicious behavior like data exfiltration, unauthorized remote execution, or persistence mechanisms beyond its stated auditing purpose. The `assets/panel.html` and `references/threats.md` files are informational and UI components, respectively, and contain no malicious code or instructions.

Capability Assessment

⚠ Purpose & Capability

The declared purpose (local OpenClaw security audit and prompt-injection detection) matches the included audit.sh which scans OpenClaw status, session state, memory and skills directories and performs a localhost port scan. However SKILL.md instructs running node scripts (node scripts/panel-server.js and node scripts/config.js) and refers to config.yaml and logs/last-report.json even though those node scripts and config file are not present in the package. The audit.sh defaults to hardcoded paths under /Users/BillyAssist/clawd which appears to be a developer leftover and may not match the target system. OUTDIR is declared but never used. These inconsistencies reduce trust in the packaging and intent.

⚠ Instruction Scope

The runtime instructions ask you to present a UI, edit config.yaml, and schedule scripts/audit.sh in cron. The actual bundle only contains a static panel.html, audit.sh, and helper docs; the server and config JS files referenced are missing. The script does scan local 'memory' and 'skills' directories (which is consistent with an auditor) — these may contain sensitive content, so scanning them is warranted but must be understood. SKILL.md claims 'Local-only scans; no network calls outside localhost', and audit.sh adheres to that (it only runs a localhost nmap if present). However the instructions are vague about how cron should be set up and where outputs/logs are stored, and the claimed 'last report at logs/last-report.json' is not produced by the included script.

✓ Install Mechanism

No install spec or remote downloads — the skill is instruction-only with a local shell script and static assets. That minimizes supply-chain risk. The only potentially sensitive operation is executing the bundled shell script; there are no external URL downloads or extracted archives in the package.

ℹ Credentials

The skill declares no required environment variables or credentials, which is appropriate. The script does respect WORKDIR and OUTDIR environment variables if set, but defaults to a hardcoded /Users/BillyAssist/clawd path — this is odd and likely a leftover. The script reads local files (memory, skills) which are relevant for prompt-injection scans but could expose sensitive data; no network exfiltration is present in the code, but you should verify you are comfortable with local file scanning of those paths before running.

ℹ Persistence & Privilege

The skill is not configured always:true and does not autonomously install itself. However SKILL.md explicitly instructs the user to set up a cron job to run scripts/audit.sh on a cadence; that is legitimate for an auditor but creates persistent execution. You should not schedule the script until you inspect and (if needed) edit it and the referenced missing components. The skill does not modify other skills' configs in the package.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install skillsentry
After installation, invoke the skill by name or use /skillsentry
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.1.0

- Added SkillSentry v1.1.0 featuring OpenClaw security audits and prompt injection detection. - Produces a detailed JSON report on security posture and vulnerabilities. **Checks:** ✅ Every line for PI + tool abuse ✅ Exposed API keys ✅ New files + ports ✅ Plain logs **UI:** 🔍 SCAN - Includes a local panel server for scan management, configuration, and log review. - Supports customizable scan frequency, alert types (e.g., Telegram), and detection sensitivity via config. - All operations are local; no external network calls.

Metadata

Slug skillsentry

Version 1.1.0

License —

All-time Installs 6

Active Installs 5

Total Versions 1

Frequently Asked Questions

What is SkillSentryOpenClaw's Always‑On Security Cop?

OpenClaw security audit + prompt injection detector. Scans gateway/vulns/cron/PI patterns. Use for frenzy-proofing installs. It is an AI Agent Skill for Claude Code / OpenClaw, with 1110 downloads so far.

How do I install SkillSentryOpenClaw's Always‑On Security Cop?

Run "/install skillsentry" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is SkillSentryOpenClaw's Always‑On Security Cop free?

Yes, SkillSentryOpenClaw's Always‑On Security Cop is completely free (open-source). You can download, install and use it at no cost.

Which platforms does SkillSentryOpenClaw's Always‑On Security Cop support?

SkillSentryOpenClaw's Always‑On Security Cop is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created SkillSentryOpenClaw's Always‑On Security Cop?

It is built and maintained by Poolguy24 (@poolguy24); the current version is v1.1.0.

More Skills