Sentinel Shield

Review

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a manual security-check tool, but it overstates its runtime protection while reading sensitive local security files and optionally sending alerts to Telegram.

Install only if you understand this is not proven to be an active runtime firewall from the supplied artifacts. Review the monitored file list, keep Telegram disabled unless needed, and verify any claimed tool-call enforcement before relying on it for protection.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may rely on this as an active security layer even though the provided code appears to provide manual checks and local state tracking rather than automatic runtime protection.

Why it was flagged

The skill advertises automatic runtime enforcement, but the supplied artifacts show no install spec, autostart, or agent tool-call hook; the main script is a manual CLI. Users could believe they are protected when no such enforcement is evidenced in the artifacts.

Skill content

Runtime security for OpenClaw agents. Monitors tool calls, enforces rate limits...; "Runaway agents" — 50-call/60s sliding window kills runaway loops automatically

Recommendation

Treat it as a manual audit helper unless the publisher provides a reviewed integration that actually hooks tool calls and enforces blocking.

What this means

Running `status`, `audit`, or `init` can read sensitive local security files to compute integrity hashes.

Why it was flagged

The skill explicitly monitors high-impact authentication and system-control files. The code hashes file contents rather than printing or transmitting them, so this is purpose-aligned, but it is still sensitive local access.

Skill content

`~/.openclaw/openclaw.json` — Gateway auth token (THE critical file); `~/.ssh/authorized_keys`; `/etc/passwd`; `/etc/sudoers`

Recommendation

Review and narrow `monitoredFiles` in `config/shield.json` to the paths you actually want this skill to read, and avoid running it with unnecessary elevated privileges.

What this means

Alert details such as rate-limit events and tool names may be sent to a Telegram chat if configured.

Why it was flagged

When Telegram is enabled, the skill sends alert messages to an external Telegram API using a configured bot token and chat ID. This is disclosed and disabled by default, but it moves alert metadata outside the local environment.

Skill content

`hostname: 'api.telegram.org', path: `/bot${config.telegram.botToken}/sendMessage`, method: 'POST'`

Recommendation

Enable Telegram only with a dedicated bot and trusted chat, and avoid including secrets in alert messages or tool names.