Openclaw Sentry
Scan workspace files for leaked secrets: API keys, tokens, passwords, private keys, and credentials. Detects AWS, GitHub, Slack, Stripe, OpenAI, Anthropic, Google, Azure keys and more. Free alert layer — upgrade to openclaw-sentry-pro for automated redaction, quarantine, and defense.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 1 · 1.3k · 4 current installs · 4 all-time installs
by@AtlasPA
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the included functionality (workspace secret scanning) and the only required binary is python3 — that is coherent. However the published description advertises a 'free alert layer' with redaction/quarantine/defense behind a paid upgrade, while the included script exposes commands (redact, quarantine, unquarantine, defend, protect) that perform modifications locally. The presence of destructive/defensive features inside a skill advertised as 'alert only' is an unexplained mismatch.
Instruction Scope
SKILL.md instructs running scripts/sentry.py against a workspace, which is consistent with scanning. But the documented commands include redact/quarantine/defend/protect in addition to scan/check/status — these operations will modify, move, or write files inside the workspace (create .quarantine, modify files for redaction, potentially write .gitignore or policy files). The instructions also auto-detect a workspace from OPENCLAW_WORKSPACE or default paths, meaning the skill can be pointed at broad directories; confirm you understand which path will be scanned and modified.
Install Mechanism
No install spec (instruction-only) and the only required runtime is python3. The code file is bundled inside the skill (scripts/sentry.py) and uses only Python standard library modules — there are no downloads or external install steps. This low-install footprint reduces supply-chain risk, provided the bundled code is trusted.
Credentials
The skill declares no required environment variables or credentials. The script will optionally read OPENCLAW_WORKSPACE (auto-detection) if not given an explicit --workspace; this is reasonable for workspace detection. It does not request cloud credentials or tokens to perform scanning/exfiltration (no network libraries observed).
Persistence & Privilege
The skill is not always:true and is user-invocable only, which is appropriate. However it intentionally writes to and reorganizes workspace content (quarantine directory, potential redactions, .gitignore/policy files). Those side effects are persistent and could remove or alter files. The skill does not require elevated platform privileges, but its file-modifying capabilities are powerful and should be run only with explicit user consent and backups.
What to consider before installing
This skill will scan and can modify files in whatever workspace you point it at. Before installing or running it: 1) Verify provenance — the package has no homepage and an unknown source; prefer code from a known repository or author. 2) Inspect the bundled scripts/sentry.py yourself (you have it) to confirm behaviors you accept — especially redact/quarantine/defend commands that move or overwrite files. 3) Run in a safe environment first (copy of workspace, container, or test folder) and run only read-only commands like 'scan' or 'status' before using 'redact'/'quarantine'. 4) Backup the workspace before any destructive commands. 5) If you expect only an 'alert-only' tool, ask the maintainer why redaction/quarantine features are present in the free bundle or obtain a version that is strictly read-only. 6) If you need help auditing specific functions in the script (redact/quarantine/defend), share those code snippets and I can summarize exactly what they will change.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.2
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔑 Clawdis
OSmacOS · Linux · Windows
Binspython3
SKILL.md
OpenClaw Sentry
Scans your agent workspace for leaked secrets — API keys, tokens, passwords, private keys, and credentials that should never be in plain text.
The Problem
Agent workspaces accumulate secrets: API keys in config files, tokens in memory logs, passwords in environment files. A single leaked credential can compromise your entire infrastructure. Existing secret scanners work on git repos — nothing watches the agent workspace itself.
Commands
Full Scan
Scan all workspace files for secrets and high-risk files.
python3 {baseDir}/scripts/sentry.py scan --workspace /path/to/workspace
Check Single File
Check a specific file for secrets.
python3 {baseDir}/scripts/sentry.py check MEMORY.md --workspace /path/to/workspace
Quick Status
One-line summary of secret exposure risk.
python3 {baseDir}/scripts/sentry.py status --workspace /path/to/workspace
What It Detects
| Provider | Patterns |
|---|---|
| AWS | Access keys (AKIA...), secret keys |
| GitHub | PATs (ghp_, gho_, ghs_, ghr_, github_pat_) |
| Slack | Bot/user tokens (xox...), webhooks |
| Stripe | Secret keys (sk_live_), publishable keys |
| OpenAI | API keys (sk-...) |
| Anthropic | API keys (sk-ant-...) |
| API keys (AIza...), OAuth secrets | |
| Azure | Storage account keys |
| Generic | API keys, secrets, passwords, bearer tokens, connection strings |
| Crypto | PEM private keys, .key/.pem/.p12 files |
| Database | PostgreSQL/MySQL/MongoDB/Redis URLs with credentials |
| JWT | JSON Web Tokens |
| Environment | .env files with variables |
Exit Codes
0— Clean, no secrets found1— Warnings (high-risk files detected)2— Critical secrets found
No External Dependencies
Python standard library only. No pip install. No network calls. Everything runs locally.
Cross-Platform
Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.
Files
3 totalSelect a file
Select a file to preview.
Comments
Loading comments…