Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Arc Sentinel

Security monitoring and infrastructure health checks for OpenClaw agents. Run breach monitoring (HaveIBeenPwned), SSL certificate expiry checks, GitHub security audits, credential rotation tracking, secret scanning, git hygiene, token watchdog, and permission audits. Use when performing security scans, checking credential rotation status, auditing repos for leaked secrets, or monitoring SSL certificates and infrastructure health.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The name/description (arc-sentinel — SSL, breach checks, GitHub audits, secret scanning, token watchdog, permission audits) match the included scripts, which implement those checks. However registry metadata (no required binaries, no env vars listed) does not declare dependencies that SKILL.md and the scripts explicitly require (openssl, gh, curl, python3). This metadata mismatch is unexpected and should be corrected.
Instruction Scope
Runtime instructions tell the agent to run sentinel.sh which executes multiple scanners that read many sensitive locations (e.g., ~/.ssh, ~/.aws/credentials, ~/.docker/config.json, ~/.kube/config, ~/.config/fulcra/token.json, LaunchAgents, other skills under ~/.openclaw/workspace/skills). The scanners also grep repository contents and git history and will write findings (including matched secret strings) to stdout and JSON/text reports in reports/YYYY-MM-DD.json. There are no explicit steps that upload findings to remote endpoints inside these scripts, but the practice of collecting and saving secrets in local report files is a privacy/exfiltration risk if those reports are later transmitted or accessible. The skill-auditor script will scan other installed skills (reads other skills' files) which is reasonable for an auditor but is broad and should be consented to.
Install Mechanism
No install spec — instruction-only with bundled scripts. This lowers supply-chain risk (nothing downloaded at install time). All code is present in the package, so reviewable before execution.
Credentials
Registry metadata declares no required environment variables or primary credential, yet the code reads environment and configuration (HOME, AWS_ACCESS_KEY_ID, KUBECONFIG, and many files under $HOME). SKILL.md documents HIBP API key as optional, but this (and other credentials) are not declared in the skill metadata. The scripts access many sensitive config paths and may include secret values in reports; requiring explicit declaration of which credentials/configs are needed and why would be expected for a security tool.
Persistence & Privilege
always:false (not force-included) and default model invocation settings are used. The skill does not request to modify other skills' configs or set always:true. It will, however, by default scan the skills directory (~/.openclaw/workspace/skills) which reads other skills' files — that is a privileged read action but appears consistent with its auditing purpose and is not the same as persisting or escalating privileges.
What to consider before installing
Arc Sentinel implements a broad set of local checks and contains many scripts that will read sensitive files (SSH keys, AWS credentials, Docker/NPM/Kube configs, other skills' code), and it will write findings — including matched secret strings — into stdout and report files. Before running it:

  1. Review the bundled scripts yourself (they are included) to confirm you accept their behavior.
  2. Do not run as root — run with least privilege or inside an isolated environment (container/VM) to limit exposure.
  3. Remove or sanitize any real credentials in credential-tracker.json before use and avoid putting API keys/secrets into sentinel.conf unless you understand where reports will be stored/transmitted.
  4. Note the registry metadata does not list required binaries or env vars even though SKILL.md and the scripts require openssl, gh, curl, python3 and access to many config paths — ask the publisher to correct metadata.
  5. If you plan to run it on a machine with sensitive secrets, consider running first in a throwaway VM and inspect generated reports to ensure they are stored only where you expect.

If you want me to, I can point out exact lines where each sensitive path is accessed or produce a checklist of files this skill will read.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0

SKILL.md

Arc Sentinel

Security monitoring toolkit for OpenClaw agents. Runs automated checks against your infrastructure and reports issues.

Configuration

Before first use, create sentinel.conf in the skill directory:

cp sentinel.conf.example sentinel.conf

Edit sentinel.conf with your values:

  • DOMAINS — Space-separated list of domains to check SSL certificates
  • GITHUB_USER — GitHub username for repo audits
  • KNOWN_REPOS — Space-separated list of expected repo names (unexpected repos trigger warnings)
  • MONITOR_EMAIL — Email address for HaveIBeenPwned breach checks
  • HIBP_API_KEY — Optional; HIBP v3 API key ($3.50/mo) for automated breach lookups

Also customize credential-tracker.json with your own credentials and rotation policies. A template is provided.

Quick Start

Full scan

cd <skill-dir>
bash sentinel.sh

Output

  • Formatted report to stdout with color-coded severity
  • JSON report saved to reports/YYYY-MM-DD.json
  • Exit codes: 0 = all clear, 1 = warnings, 2 = critical

Checks

1. SSL Certificate Expiry

Check certificate expiry for configured domains. Warns at <30 days, critical at <14 days.

2. GitHub Security

  • List repos and check Dependabot/vulnerability alert status
  • Review recent account activity for anomalies
  • Flag unexpected repositories

3. Breach Monitoring (HaveIBeenPwned)

  • Query HIBP API for breached accounts (requires API key)
  • Falls back to manual check URL if no key is set

4. Credential Rotation Tracking

Read credential-tracker.json and flag credentials that are overdue, approaching expiry, or never rotated. Supports policies: quarterly (90d), 6_months (180d), annual (365d), auto.
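
The rotation check described above, as an added example in Python (not Arc Sentinel's own code). The entry field names (name, policy, last_rotated), the 14-day warning window, and the mapping of statuses onto the 0/1/2 exit codes are assumptions; the policy names and day counts are the ones listed above.

```python
import json
from datetime import date

# Policy names and day counts as listed in SKILL.md; "auto" is never flagged.
POLICY_DAYS = {"quarterly": 90, "6_months": 180, "annual": 365}
WARN_WINDOW_DAYS = 14  # assumption: the page does not state the warning window
# Assumed mapping of each status onto the exit codes 0 = clear, 1 = warn, 2 = critical.
SEVERITY = {"ok": 0, "approaching": 1, "unknown_policy": 1,
            "invalid_date": 1, "never_rotated": 2, "overdue": 2}

# Constructed sample; field names are assumed, not the skill's real schema.
SAMPLE_TRACKER = json.loads("""[
  {"name": "github-pat",   "policy": "quarterly", "last_rotated": "2025-01-10"},
  {"name": "hibp-api-key", "policy": "annual",    "last_rotated": "2024-06-20"},
  {"name": "deploy-ssh",   "policy": "6_months",  "last_rotated": null},
  {"name": "oidc-session", "policy": "auto",      "last_rotated": null},
  {"name": "db-password",  "policy": "monthly",   "last_rotated": "2025-05-01"},
  {"name": "npm-token",    "policy": "quarterly", "last_rotated": "2025-05-01"}
]""")

def classify(entry, today):
    """Return (status, days_left) for one tracker entry."""
    policy = entry.get("policy")
    if policy == "auto":
        return "ok", None
    if policy not in POLICY_DAYS:
        return "unknown_policy", None  # surface typos instead of skipping them
    if not entry.get("last_rotated"):
        return "never_rotated", None
    age = (today - date.fromisoformat(entry["last_rotated"])).days
    if age < 0:
        return "invalid_date", None  # a future date would mask an overdue secret
    left = POLICY_DAYS[policy] - age
    if left < 0:
        return "overdue", left
    if left <= WARN_WINDOW_DAYS:
        return "approaching", left
    return "ok", left

def audit(tracker, today):
    """Classify every entry and derive the worst-case exit code."""
    results = {e["name"]: classify(e, today) for e in tracker}
    exit_code = max((SEVERITY[s] for s, _ in results.values()), default=0)
    return results, exit_code

if __name__ == "__main__":
    results, code = audit(SAMPLE_TRACKER, date(2025, 6, 10))
    for name, (status, left) in results.items():
        print(f"{name:14} {status:15} {left if left is not None else '-'}")
    raise SystemExit(code)
```

The tracker stores only names and dates here, never the secret values themselves, so the report it produces is safe to keep in reports/.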

Additional Scripts

| Script | Purpose |
|---|---|
| scripts/secret-scanner.sh | Scan repos/files for leaked secrets and API keys |
| scripts/git-hygiene.sh | Audit git history for security issues |
| scripts/token-watchdog.sh | Monitor token validity and expiry |
| scripts/permission-auditor.sh | Audit file and access permissions |
| scripts/skill-auditor.sh | Audit installed skills for security |
| scripts/full-audit.sh | Run all scripts in sequence |

Agent Usage

During heartbeats or on request:

  1. Run bash sentinel.sh from the skill directory
  2. Review output for WARN or CRITICAL items
  3. Report findings to the human if anything needs attention
  4. Update credential-tracker.json when credentials are rotated

Cron Setup

# Weekly Monday 9am
0 9 * * 1 cd /path/to/arc-sentinel && bash sentinel.sh >> reports/cron.log 2>&1

Requirements

  • openssl (SSL checks)
  • gh CLI authenticated (GitHub checks)
  • curl (HIBP)
  • python3 (JSON processing)

Files

10 total