Back to plugin

Security audit

Sentry

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: it uses a Sentry auth token to provide read-only Sentry organization, project, and issue triage tools.

Before installing, make sure you are comfortable giving OpenClaw a Sentry token, because the agent will be able to read Sentry organization, project, and issue information available to that token. Use the narrow scopes recommended by the plugin, such as org:read and event:read, and verify that baseUrl is either https://sentry.io or your trusted self-hosted Sentry instance.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/store.js:9
Evidence
this.authToken = [REDACTED]?.trim() ?? "";

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/store.ts:24
Evidence
this.authToken = [REDACTED]?.trim() ?? "";