Sentinel — Agent Security Layer
v1.0.5Runtime security layer for OpenClaw agents. Intercepts and scans all external input (emails, API responses, web content, chat messages, calendar events) for...
⭐ 0· 225·1 current·1 all-time
byOleg@oleglegegg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (runtime input/output sentinel) matches the provided artifacts: multiple bash scripts that scan stdin, log threats to ~/.sentinel/threats.jsonl, generate/check canaries, and optionally use a premium patterns file. No unexplained environment variables, binaries, or cloud credentials are required.
Instruction Scope
SKILL.md and scripts stay within the stated purpose (intercept/scan inputs and monitor outputs). Noteworthy: the guide explicitly instructs adding invisible canary markers into SOUL.md or system prompts and recommends piping all external content through the filters — these are expected for a runtime sentinel but do instruct modifying local agent files (SOUL.md/system prompt), so users should review and back up any files before injecting markers.
Install Mechanism
No install spec; this is instruction-plus-scripts (pure bash). No downloads or remote installers are invoked by the package. The scripts rely on common utilities (grep, sed, base64, optionally jq).
Credentials
The skill asks for no credentials or env vars. The scripts scan for many secret/token formats (OpenAI, AWS, GitHub, crypto keys, etc.), which is coherent with its stated goal. The premium pack path (~/.sentinel/premium_patterns.json) and optional use of jq are documented and proportional.
Persistence & Privilege
The scripts create and write logs under ~/.sentinel and can inject canary markers into user-specified files. always:false and autonomous invocation defaults are unchanged. Writing to user files and creating ~/.sentinel is expected for the tool's purpose but is a permanent local change the user should consent to.
Scan Findings in Context
[system-prompt-override] expected: The SKILL.md and patterns intentionally include prompt-injection phrases (system prompt override patterns) because the tool's function is to detect such injections. The pre-scan detector flagged this content but it's appropriate for a sentinel.
Assessment
This skill is a set of local bash filters that scan stdin and stdout for injections and secrets and stores logs under ~/.sentinel. Before installing/using: (1) review and test the scripts on non-sensitive sample data; (2) be aware the canary tool can modify files you point it at (e.g., SOUL.md or other prompts) — back up those files first; (3) the premium rules require jq and an optional premium_patterns.json file (if absent the premium check is a no-op); (4) expect false positives (hex strings or common words may trigger crypto/secret heuristics) — tune thresholds/patterns in ~/.sentinel/config.sh or by editing the patterns; (5) there are no hidden network calls in the provided scripts, but always inspect any third-party premium patterns before placing them in ~/.sentinel. If you need the sentinel to be enforced platform-wide, note that this package does not automatically force inclusion — you must integrate the scripts into your agent pipeline yourself.Like a lobster shell, security has layers — review code before you run it.
latestvk9789k13dkqa4558vtka1fcrsd831nz6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.