Skill v1.0.1

ClawScan security

Native Sentry · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 24, 2026, 10:00 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it is a read-only Sentry REST API helper that requires only a Sentry auth token and Python 3, and its code and instructions match that purpose.
Guidance
This skill appears to do exactly what it says: read-only access to Sentry via the REST API. Before installing, confirm you provide a Sentry token with only read scopes (project:read, event:read, org:read). Be cautious if you override the base URL (SENTRY_BASE_URL or --base-url), because the token will be sent to that host; only point it at trusted Sentry instances. Avoid using --no-redact in shared or logged environments, because it can expose PII and stack traces. If you need higher assurance, review the included scripts/sentry_api.py yourself (it is small and uses only stdlib networking).

Review Dimensions

Purpose & Capability
ok: Name/description, required binaries, declared primary env (SENTRY_AUTH_TOKEN) and included Python script all align with a read-only Sentry API helper. The script only implements listing issues, fetching events, and event/issue details, exactly what the description promises.
Instruction Scope
note: SKILL.md instructions restrict operations to HTTP reads against the configured Sentry base URL and only reference SENTRY_AUTH_TOKEN, SENTRY_ORG, SENTRY_PROJECT and optional SENTRY_BASE_URL. The instructions and script redaction behavior are explicit. Note: the skill allows disabling redaction (--no-redact) and supports overriding the base URL, which could result in tokens/data being sent to a non-Sentry host if misconfigured; the README and SKILL.md warn about PII exposure.
Install Mechanism
ok: This is an instruction-only skill with a bundled pure-stdlib Python script; there is no install step that downloads external code or runs package managers. No risky install URLs or extract operations are present.
Credentials
ok: Only SENTRY_AUTH_TOKEN is required (primary credential), and it is appropriate for the stated read-only purpose. Optional environment variables (SENTRY_ORG, SENTRY_PROJECT, SENTRY_BASE_URL) are used for convenience; they are not required. The requested env access is proportional to the functionality.
Persistence & Privilege
ok: The skill does not request always:true, has no install that persists to system locations beyond its own script, and does not modify other skills or system configs. Autonomous invocation is allowed by default (platform behavior) but is not combined with other privileged requests.