v1.0.2

Openclaw Sentry

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:23 AM.

Analysis

This is mostly a coherent local secret scanner, but the bundled script also advertises file-changing redaction, quarantine, and protection commands that are not disclosed in the main skill commands.

Guidance

Before installing, assume this tool can inspect sensitive workspace files and may also contain file-changing modes. If you proceed, run only scan/check/status on a scoped workspace unless you have backups and explicitly want redaction or quarantine behavior.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium
Confidence: Medium
Status: Concern
scripts/sentry.py
Usage:
    sentry.py redact [file]  [--workspace PATH]
    sentry.py quarantine <file> [--workspace PATH]
    sentry.py defend         [--workspace PATH]
    sentry.py protect        [--workspace PATH]
...
# considered high-density and auto-quarantined by `protect`.

The included tool advertises commands that can modify or move workspace files, and `protect` is described as auto-quarantining files. This is broader than the SKILL.md scan/check/status workflow and is not clearly scoped there.

User impact

If an agent or user invokes these modes, false positives or broad matching could redact, move, or quarantine workspace files rather than only reporting secrets.

Recommendation

Treat the skill as more than a read-only scanner. Use only scan/check/status unless you intentionally want file mutation, and ask the maintainer to document, gate, or remove mutating commands with explicit confirmation and recovery steps.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low
Confidence: High
Status: Note
scripts/sentry.py
def collect_files(workspace):
    ...
    for root, dirs, filenames in os.walk(workspace):
        ...
        if not is_binary(fpath):
            files.append(fpath)
...
content = filepath.read_text(encoding="utf-8", errors="ignore")

The scanner recursively opens non-binary workspace files to inspect their contents. This is necessary for secret detection, but it means secret-bearing files enter the tool's processing and reporting path.

User impact

The tool may surface sensitive filenames and masked secret values in reports or agent context.

Recommendation

Run it only in workspaces you intend to inspect, pass a narrow --workspace path when possible, and avoid sharing scan output broadly.