Jentic
Review
Audited by ClawScan on May 10, 2026.
Overview
Jentic is a transparent external-API broker skill with broad delegated API power, but the artifacts disclose the security model, user approval boundaries, and setup risks.
Install only if you want OpenClaw to call external APIs through Jentic. Prefer running Jentic Mini on a separate trusted machine, keep the Jentic API key private, use least-privilege policies, and require human approval for OAuth connections, credential changes, and write-capable API permissions.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may be able to read from or write to connected services such as email, GitHub, or payment APIs through Jentic.
The skill exposes a general API proxy that can perform authenticated GET or POST requests to upstream APIs. This is central to the skill’s purpose, but mistakes or prompt-injected tasks could affect connected services if permissions allow it.
**Execute via broker proxy:** `GET|POST {JENTIC_URL}/<upstream-host>/<path>` — Jentic injects credentials automatically.
Use least-privilege Jentic policies, require explicit confirmation for write or high-impact actions, and use Jentic’s access-request workflow for expanded permissions.
If the Jentic key or toolkit policy is too broad, the agent could act across multiple connected accounts and services.
The Jentic API key is delegated authority for the agent to execute brokered API operations and request more access. This is disclosed and purpose-aligned, but the key should be treated as sensitive.
| **Agent (you)** | `X-Jentic-API-Key: tk_xxx` | Search, inspect, execute, submit permission requests, generate OAuth connect links |
Keep the Jentic API key private, scope connected credentials and policies narrowly, and approve permission expansions only through the human UI.
Running this setup can install Docker and alter local user permissions.
The optional local setup path includes running a remote Docker installer with sudo. The step is user-directed and related to the Jentic Mini backend, but it changes the local system.
curl -fsSL https://get.docker.com | sudo sh && sudo usermod -aG docker $USER && newgrp docker
Run local setup only if you understand the system changes, prefer a separate host for production, and review installer sources before executing them.
Sensitive API data, such as email, calendar, repository, or billing information, may pass through the configured Jentic server.
Requests and responses for external APIs are routed through the Jentic broker. This is the expected architecture, but users should understand that API data transits the configured Jentic backend.
The broker acts as a transparent auth proxy: any tool that can set a base URL and inject custom HTTP headers can route through it.
Use a trusted Jentic backend, prefer the documented separate-machine deployment, and ensure transport, access controls, and credential policies are configured appropriately.
A compromised or misled agent on the same machine could potentially bypass Jentic’s intended approval boundary and affect stored credentials or policies.
The artifact explicitly identifies a containment failure if the agent and credential broker are co-located. It recommends a separate machine and frames local deployment as development/testing only.
Running Jentic Mini on the same machine as your OpenClaw instance means the agent has access to the Docker environment directly. It can `docker exec` into the container and read or modify the database, bypassing the security model entirely.
For real accounts or production use, run Jentic Mini on a separate machine and avoid giving the agent Docker or host-level access to the credential store.
