Sentinel — Agent Security Layer
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
Before installing, understand that this is a local script-based filter, not a guaranteed automatic security layer unless you integrate it into your agent workflow. Review the shell scripts, protect ~/.sentinel, and be careful when injecting canaries into prompt files. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may overestimate how much protection is active unless they actually wire the scripts into every relevant workflow.
The skill describes automatic interception, but the artifacts show a manual rule-based integration rather than an enforced runtime hook.
Automatic input interception ... Full Pipeline Integration ... In AGENTS.md — add these rules: All external content MUST be piped through: sentinel-input.sh --clean
Treat it as a local helper/filter and verify that your agent is really routing external inputs and outputs through it.
A tampered ~/.sentinel/config.sh could run commands whenever the input scanner is used.
The scanner sources a local shell config file when it runs, so that file can execute shell code if modified.
CONFIG_FILE="${HOME}/.sentinel/config.sh"
[[ -f "$CONFIG_FILE" ]] && source "$CONFIG_FILE"Keep ~/.sentinel/config.sh under your control, avoid making it writable by other users or tools, and review it before enabling the scanner broadly.
The canary can help detect prompt leaks, but it also changes persistent agent context and may affect future runs.
The canary feature intentionally adds persistent hidden marker content to a prompt-related file chosen by the user.
sentinel-canary.sh --inject TOKEN FILE # Inject canary into SOUL.md or system prompt
Use canary injection only on files you intend to modify, keep backups, and document where canaries were added.
Local canary records remain after generation and could reveal which tokens are being used if someone can read that directory.
The skill persists generated canary tokens locally under the user's home directory.
CANARY_DIR="${HOME}/.sentinel/canaries"
mkdir -p "$CANARY_DIR"
...
echo "{\"token\":\"$TOKEN\",\"created\":\"$CREATED\"}" > "$CANARY_DIR/$TOKEN.json"Protect the ~/.sentinel directory and clear old canary/log files when they are no longer needed.
Users have less provenance and setup assurance for a security-sensitive tool.
The registry metadata does not provide a source repository or install specification even though executable scripts are included.
Source: unknown Homepage: none No install spec — this is an instruction-only skill.
Review the included scripts before use and prefer installing from a verifiable source if available.