ClawHub
Back to skill
v1.0.0

Sentry Error Analyzer

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 12:48 PM.

Analysis

This instruction-only Sentry analysis skill is coherent and purpose-aligned, but it may use a Sentry API token and process sensitive error data.

GuidanceBefore installing or using this skill, be prepared to provide only a scoped read-only Sentry token if API access is needed, review any curl commands before running them, and redact secrets or personal data from logs and stack traces.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityInfoConfidenceHighStatusNote
SKILL.md
For Sentry API data:
```bash
# Fetch issues sorted by frequency
curl -s -H "Authorization: Bearer $SENTRY_AUTH_TOKEN"

The skill includes shell/API command examples using curl and jq. They are coherent with the skill's purpose and presented as examples, not hidden or automatic execution.

User impactIf run as written, the commands will contact Sentry and retrieve project issue data into the local/session context.
RecommendationReview the organization, project, issue IDs, and query limits before running commands; prefer pasted exports when API access is unnecessary.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
curl -s -H "Authorization: Bearer $SENTRY_AUTH_TOKEN"

The skill documents using a Sentry bearer token to fetch project issue and event data. This is purpose-aligned for Sentry analysis, but the registry metadata does not declare a credential or environment variable.

User impactA Sentry token may grant access to production error data, stack traces, release details, and user-impact information.
RecommendationUse a least-privilege, read-only Sentry token limited to the relevant organization/project, and avoid pasting or logging the token.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceMediumStatusNote
SKILL.md
**Raw error logs** — stack traces with timestamps and metadata

The skill is designed to analyze Sentry logs, stack traces, event metadata, tags, and potentially user-related error patterns. This is expected for the purpose, but such data can be sensitive when moved from Sentry or local exports into an agent session.

User impactError data can reveal implementation details, environment names, release information, user identifiers, or accidental secrets embedded in logs.
RecommendationRedact secrets and unnecessary personal data from Sentry exports or logs before analysis, and limit the dataset to the relevant time window and project.