Openclaw Sentinel
Pass
Audited by ClawScan on May 10, 2026.
Overview
The provided artifacts look like a local security scanner; the critical static hit appears to be one of its detection signatures, but users should verify the full script and run it only on the intended workspace.
Before installing, verify the package source, inspect the full scripts/sentinel.py because the provided artifact view is truncated, run scans with an explicit --workspace path, and import only trusted threat JSON files.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run against the wrong workspace, it may read and report on more local skill files than intended.
The skill is designed to inspect all installed skills in a workspace. That broad local file inspection is expected for a supply-chain scanner, but users should be aware of the scope.
Deep scan of all installed skills for supply chain risks.
Run it with an explicit --workspace path and review scan output before taking any action based on it.
A bad or untrusted threat list could create misleading future results, and local history may reveal what skills were scanned.
The scanner persists a local threat database and scan history. Imported threat data can influence future scan results.
SENTINEL_DIR, THREAT_DB_FILE, HISTORY_FILE = ".sentinel", "threats.json", "history.json"
Import threat lists only from trusted sources and delete or review the .sentinel data if you do not want this local state retained.
Users could confuse the registry package with an unverified external repository.
The README references an external repository while the registry metadata lists the source as unknown and no homepage. This is a provenance gap, not evidence of malicious behavior.
git clone https://github.com/AtlasPA/openclaw-sentinel.git
Verify the repository owner and compare the installed files against the registry artifact before trusting it.
Users may overestimate or misunderstand what actions the tool can take.
The source docstring describes broader countermeasure features than the SKILL.md command list and registry description emphasize, which could confuse users about whether this package only alerts or can also modify/quarantine skills.
Everything in openclaw-sentinel (free) plus automated countermeasures: quarantine, reject, SBOM generation, continuous monitoring
Check the full script and CLI help before use, and avoid any quarantine or blocking mode unless you intentionally want it and have backups.
