Sentry CLI

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Sentry CLI reference, but it uses Sentry credentials and includes commands that can upload files or change Sentry issue/release state.

Before installing, get sentry-cli from a trusted source, use a least-privilege Sentry token, and confirm org/project/environment, release names, issue IDs, and file paths before running commands that upload artifacts or change Sentry state.

VirusTotal

65/65 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Running this install command would execute code retrieved from the network.

Why it was flagged

The skill documents a user-directed remote installer command without a pinned version or checksum. This is a common CLI install pattern but should be verified before use.

Skill content

curl -sL https://sentry.io/get-cli/ | bash

Recommendation

Prefer a trusted package manager or verify the installer source, version, and checksum before running it.

ASI03: Identity and Privilege Abuse
Medium
What this means

The agent or user running these commands may be able to view or change Sentry resources according to the token's scopes.

Why it was flagged

The skill expects use of a Sentry auth token, either from the environment or .sentryclirc. This is purpose-aligned but grants whatever Sentry permissions the token has.

Skill content

export SENTRY_AUTH_TOKEN="sntrys_..."

[auth]
token=sntrys_...

Recommendation

Use a least-privilege Sentry token scoped to the needed organization and project, and avoid committing .sentryclirc or tokens to source control.

ASI02: Tool Misuse and Exploitation
Medium
What this means

Issues could be incorrectly resolved or muted in Sentry.

Why it was flagged

The skill includes account-mutating Sentry issue-management commands. These fit the stated purpose but can change issue state if run against the wrong issue or project.

Skill content

sentry-cli issues resolve ISSUE_ID
sentry-cli issues mute ISSUE_ID

Recommendation

Confirm the organization, project, and issue ID before running issue-changing commands.

ASI02: Tool Misuse and Exploitation
Medium
What this means

Source code, source maps, debug symbols, or logs may be sent to Sentry.

Why it was flagged

The skill documents commands that upload local build artifacts, sources, and log files to Sentry. This is expected for Sentry debugging workflows but can include sensitive code or operational data.

Skill content

sentry-cli sourcemaps upload ./dist --release="$VERSION"
sentry-cli debug-files upload --include-sources path/to/dSYMs
sentry-cli send-event -m "Error" --logfile /var/log/app.log

Recommendation

Review what files are included before upload, avoid broad paths, and do not upload logs or artifacts containing secrets.