v1.0.2

Openclaw Sentinel

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:22 AM.

Analysis

The skill appears to be a local, purpose-aligned security scanner; the main things to notice are its broad workspace scanning, persistent local scan/threat data, provenance gap, and strong safety claims.

Guidance: Before installing, verify the package source because the registry metadata lacks a source/homepage. When using it, run with an explicit workspace or skill path, keep generated reports local if they contain paths or hashes, import only trusted threat lists, and treat SAFE/REVIEW/REJECT results as advisory rather than a guarantee.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
metadata
Source: unknown; Homepage: none

The registry metadata does not identify a verified source or homepage, even though this is a security-sensitive scanner users may rely on.

User impact: You may have less assurance that the package came from the claimed project or has the same contents as any public repository.
Recommendation: Verify the publisher, repository, and file hashes before installing or using it as a security decision point.
Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
Deep scan of all installed skills for supply chain risks... python3 {baseDir}/scripts/sentinel.py scan --workspace /path/to/workspace

The tool is intended to inspect all installed skills under a workspace, which is appropriate for its purpose but gives it broad local read scope over those skill files.

User impact: Running it on the wrong workspace could scan and report on more local skill files than intended.
Recommendation: Use an explicit --workspace or inspect path, and review generated reports before sharing them.
Human-Agent Trust Exploitation
Severity: Info | Confidence: High | Status: Note
SKILL.md
Verify skills are safe before they touch your workspace... shows exactly what binaries, network calls, and file operations the skill will perform.

The documentation uses strong assurance language for a heuristic static scanner, which could encourage over-reliance on its SAFE/REVIEW/REJECT output.

User impact: A clean result should not be treated as a guarantee that another skill is safe.
Recommendation: Treat the scanner as an advisory layer and still review high-risk skills, permissions, and install steps manually.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
scripts/sentinel.py
SENTINEL_DIR, THREAT_DB_FILE, HISTORY_FILE = ".sentinel", "threats.json", "history.json"

The scanner keeps persistent local state for threat data and scan history, and the documented threat-list import can influence later scan results.

User impact: Imported threat lists or stored scan history can affect future recommendations and may include local file paths or hashes.
Recommendation: Import threat lists only from trusted sources and delete the workspace .sentinel directory if you need to reset stored scan state.