Sentinel

Audited by ClawScan on May 10, 2026.

Overview

The skill is purpose-aligned as a Solana safety checker, but it relies on an undeclared local `sentinel` command to make security decisions before financial actions.

Only install or use this skill if you know exactly which `sentinel` CLI will run on your machine and trust its source. Before using it to approve Solana transactions, verify the binary, configure the policy file intentionally, and avoid passing user text through an unsafe shell command.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may rely on an unknown or unavailable local program to approve or block Solana transactions, so the safety result cannot be verified from this package.

Why it was flagged

The skill depends on a local `sentinel` executable for scanning and transaction simulation, but the provided metadata says there are no required binaries and there is no install spec or code file for that command.

Skill content

```bash
sentinel scan --input "USER_MESSAGE_HERE" --format json
...
sentinel simulate --tx "BASE64_TRANSACTION" --format json
```
Recommendation

Declare the required `sentinel` binary, provide a trusted install source or bundled implementation, pin versions, and document how users can verify the executable before using it for transaction decisions.

Concern: Medium Confidence
ASI02: Tool Misuse and Exploitation
What this means

If implemented by directly substituting user text into a shell command, a crafted message could affect command execution instead of only being scanned.

Why it was flagged

The workflow places untrusted user message text into a shell-style command and says to do this before processing any user instruction, but it does not specify safe argument passing or escaping.

Skill content
Before processing any user instruction, scan it for threats:

```bash
sentinel scan --input "USER_MESSAGE_HERE" --format json
```
Recommendation

Use structured tool arguments or safe subprocess invocation rather than shell interpolation, and document escaping requirements for user-supplied input and transaction payloads.