v1.0.1

Sentry Cli

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:21 AM.

Analysis

This is a straightforward Sentry CLI reference, but it uses Sentry credentials and includes commands that can upload files or change Sentry issue/release state.

Guidance: Before installing, get sentry-cli from a trusted source, use a least-privilege Sentry token, and confirm org/project/environment, release names, issue IDs, and file paths before running commands that upload artifacts or change Sentry state.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
curl -sL https://sentry.io/get-cli/ | bash

The skill documents a user-directed remote installer command without a pinned version or checksum. This is a common CLI install pattern but should be verified before use.

User impact: Running this install command would execute code retrieved from the network.
Recommendation: Prefer a trusted package manager or verify the installer source, version, and checksum before running it.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
sentry-cli issues resolve ISSUE_ID
sentry-cli issues mute ISSUE_ID

The skill includes account-mutating Sentry issue-management commands. These fit the stated purpose but can change issue state if run against the wrong issue or project.

User impact: Issues could be incorrectly resolved or muted in Sentry.
Recommendation: Confirm the organization, project, and issue ID before running issue-changing commands.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
sentry-cli sourcemaps upload ./dist --release="$VERSION"
sentry-cli debug-files upload --include-sources path/to/dSYMs
sentry-cli send-event -m "Error" --logfile /var/log/app.log

The skill documents commands that upload local build artifacts, sources, and log files to Sentry. This is expected for Sentry debugging workflows but can include sensitive code or operational data.

User impact: Source code, source maps, debug symbols, or logs may be sent to Sentry.
Recommendation: Review what files are included before upload, avoid broad paths, and do not upload logs or artifacts containing secrets.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
export SENTRY_AUTH_TOKEN="sntrys_..."

[auth]
token=sntrys_...

The skill expects use of a Sentry auth token, either from the environment or .sentryclirc. This is purpose-aligned but grants whatever Sentry permissions the token has.

User impact: The agent or user running these commands may be able to view or change Sentry resources according to the token's scopes.
Recommendation: Use a least-privilege Sentry token scoped to the needed organization and project, and avoid committing .sentryclirc or tokens to source control.