Openclaw Sentry
v1.0.2
Scan workspace files for leaked secrets: API keys, tokens, passwords, private keys, and credentials. Detects AWS, GitHub, Slack, Stripe, OpenAI, Anthropic, Google, Azure keys and more. Free alert layer — upgrade to openclaw-sentry-pro for automated redaction, quarantine, and defense.
by @atlaspa
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)

Purpose & Capability
Name/description match the included functionality (workspace secret scanning) and the only required binary is python3 — that is coherent. However the published description advertises a 'free alert layer' with redaction/quarantine/defense behind a paid upgrade, while the included script exposes commands (redact, quarantine, unquarantine, defend, protect) that perform modifications locally. The presence of destructive/defensive features inside a skill advertised as 'alert only' is an unexplained mismatch.
Instruction Scope
SKILL.md instructs running scripts/sentry.py against a workspace, which is consistent with scanning. But the documented commands include redact/quarantine/defend/protect in addition to scan/check/status — these operations will modify, move, or write files inside the workspace (create .quarantine, modify files for redaction, potentially write .gitignore or policy files). The instructions also auto-detect a workspace from OPENCLAW_WORKSPACE or default paths, meaning the skill can be pointed at broad directories; confirm you understand which path will be scanned and modified.
Install Mechanism
No install spec (instruction-only) and the only required runtime is python3. The code file is bundled inside the skill (scripts/sentry.py) and uses only Python standard library modules — there are no downloads or external install steps. This low-install footprint reduces supply-chain risk, provided the bundled code is trusted.
Credentials
The skill declares no required environment variables or credentials. The script will optionally read OPENCLAW_WORKSPACE (auto-detection) if not given an explicit --workspace; this is reasonable for workspace detection. It does not request cloud credentials or tokens to perform scanning/exfiltration (no network libraries observed).
Persistence & Privilege
The skill is not always:true and is user-invocable only, which is appropriate. However it intentionally writes to and reorganizes workspace content (quarantine directory, potential redactions, .gitignore/policy files). Those side effects are persistent and could remove or alter files. The skill does not require elevated platform privileges, but its file-modifying capabilities are powerful and should be run only with explicit user consent and backups.
What to consider before installing
This skill will scan and can modify files in whatever workspace you point it at. Before installing or running it:
1) Verify provenance — the package has no homepage and an unknown source; prefer code from a known repository or author.
2) Inspect the bundled scripts/sentry.py yourself (you have it) to confirm behaviors you accept — especially redact/quarantine/defend commands that move or overwrite files.
3) Run in a safe environment first (copy of workspace, container, or test folder) and run only read-only commands like 'scan' or 'status' before using 'redact'/'quarantine'.
4) Backup the workspace before any destructive commands.
5) If you expect only an 'alert-only' tool, ask the maintainer why redaction/quarantine features are present in the free bundle or obtain a version that is strictly read-only.
6) If you need help auditing specific functions in the script (redact/quarantine/defend), share those code snippets and I can summarize exactly what they will change.

Like a lobster shell, security has layers — review code before you run it.

Version: latest (vk97b8rx65hrjkx3ajssyjb40z9811gbn)
Runtime requirements
🔑 Clawdis
OS: macOS · Linux · Windows
Bins: python3
