v1.0.0

Sentry Integration

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 12:49 PM.

Analysis

This is a coherent Sentry integration, but it gives the agent Sentry credentials and instructions to change issue and release state, including resolve/ignore and bulk actions, without explicit approval safeguards.

Guidance

Before installing, make sure you are comfortable giving the agent a Sentry token. Use least-privilege scopes, keep the token out of chat/logs, and require explicit confirmation before the agent resolves, ignores, bulk-updates issues, finalizes releases, records deploys, uploads source maps, or runs monitor-wrapped local commands.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
“Resolve issues that have confirmed fixes deployed; ignore transient errors” and “# Resolve multiple issues at once ... -d '{"id": ["123","456","789"], "status": "resolved"}'”

The skill instructs the agent to perform Sentry issue state changes, including bulk resolution, without explicit confirmation or rollback guidance.

User impact: The agent could close, ignore, assign, or bulk-resolve Sentry issues, which could hide active production problems or change team incident workflows.
Recommendation: Require explicit user approval before any resolve, ignore, assign, release finalization, deploy recording, source-map upload, or bulk operation; default to read-only triage summaries unless the user clearly asks for mutation.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
npm i -g @sentry/cli ... pip install sentry-cli

The skill relies on installing an external CLI package globally. This is central to the stated purpose, but the examples do not pin versions.

User impact: Installing an unpinned global CLI means future package changes could affect what runs on the user's machine.
Recommendation: Install sentry-cli from the official trusted source, consider pinning a known-good version, and review package provenance before installation.
Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
SKILL.md
sentry-cli monitors run <monitor-slug> -- <command> ... sentry-cli monitors run backup-job -- ./run-backup.sh

The monitor wrapper can execute an arbitrary local command while reporting it to Sentry. This is a legitimate Sentry CLI feature, but it is a raw command-execution path.

User impact: If misused, the agent could run local scripts or commands with the user's privileges.
Recommendation: Only use monitor-wrapped commands that the user explicitly provides and approves; do not substitute issue text, logs, or other untrusted content into the command.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
export SENTRY_AUTH_TOKEN="sntrys_..." ... Auth header: `Authorization: Bearer $SENTRY_AUTH_TOKEN`

The skill uses a bearer token to act against the user's Sentry organization and project. This is expected for a Sentry integration, but it is delegated account authority.

User impact: Anyone or any agent flow with access to the token can read Sentry data and perform actions allowed by the token scopes.
Recommendation: Use the narrowest Sentry token scopes and project/org limits possible, avoid exposing the token in prompts or logs, and revoke or rotate it when no longer needed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
SKILL.md
sentry-cli sourcemaps upload ./dist --release "$VERSION" ... “Latest events for an issue (stack traces, breadcrumbs)”

The skill sends source maps to Sentry and retrieves full event details, including stack traces and breadcrumbs. This external provider flow is disclosed and purpose-aligned, but the data can be sensitive.

User impact: Source maps, stack traces, breadcrumbs, and event data may reveal source structure, file paths, user actions, or other sensitive operational details.
Recommendation: Review what source maps and event data contain before sharing them with the agent, and avoid uploading or exposing secrets, PII, or unnecessary source content.