Skillv1.0.4

ClawScan security

Open Sentinel - Agent Reliability Layer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 23, 2026, 3:06 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's requirements and runtime instructions are coherent with a proxy that evaluates LLM responses; minor documentation/inventory inconsistencies and the fact that the actual PyPI package is not included mean you should verify the package before installing.
Guidance: This skill appears to do what it says: a local proxy that evaluates LLM responses. Before installing: (1) verify the PyPI package 'opensentinel' and the GitHub repo links in the SKILL.md actually match and are trustworthy; (2) inspect the package contents (or review its source repo) for telemetry endpoints, network calls, or unexpected background behavior; (3) run the package in a sandboxed environment or container and use least-privilege API keys (rotate or use test keys) when first testing; (4) review and disable/trust tracing/OTLP/langfuse settings to avoid sending sensitive spans externally; (5) confirm which provider API keys the runtime needs (Anthropic vs OpenAI/Gemini) and only supply keys appropriate to your usage. Because the registry bundle did not include the actual package code, these verifications are recommended to raise confidence beyond 'medium'.

Review Dimensions

Purpose & Capability: okName and description claim a transparent proxy that evaluates LLM responses; requiring a provider API key and python3 is consistent with that purpose. The skill documentation repeatedly references calling provider LLMs (Anthropic/Claude) and running a local proxy, which aligns with the declared purpose.
Instruction Scope: noteSKILL.md instructs installing the opensentinel package and running a local proxy (osentinel serve) and to set an LLM API key. It does not instruct reading unrelated system files or exfiltrating data. One item to note: tracing/OTLP and external telemetry (langfuse) are configurable in examples — if enabled, telemetry could be sent to external endpoints, so users should audit tracing settings before enabling them.
Install Mechanism: noteThe skill is instruction-only in the registry, but SKILL.md recommends pip install opensentinel (PyPI). Installing from PyPI is a common pattern but introduces typical supply-chain risk — the actual package contents were not included for review here, so verify the PyPI package and upstream GitHub repository before installing.
Credentials: notePrimaryEnv is ANTHROPIC_API_KEY which is reasonable for the judge engine. The README and SKILL.md also mention OPENAI_API_KEY and GEMINI_API_KEY as alternatives but those are not declared as required env vars; this mismatch is minor but worth confirming. No unrelated secrets or file paths are requested.
Persistence & Privilege: okalways:false (not force-included). The skill does not request elevated platform privileges or modify other skills' configs. It runs as a local proxy and does not claim persistent system-wide modifications.