logsentry

v1.0.0

Logging quality & observability analyzer -- detects missing structured logging, sensitive data in logs, inconsistent log levels, and log injection vulnerabil...

⭐ 0· 78·0 current·0 all-time

by@suhteevah

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for suhteevah/logsentry.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "logsentry" (suhteevah/logsentry) from ClawHub.
Skill page: https://clawhub.ai/suhteevah/logsentry
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: git, bash
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install logsentry

ClawHub CLI

Package manager switcher

npx clawhub@latest install logsentry

Security Scan

Capability signals

CryptoRequires walletCan make purchasesRequires OAuth token

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description (logging/observability analyzer) match the shipped scripts (dispatcher.sh, analyzer.sh, patterns.sh, license.sh). Required binaries (git, bash) and the brew install of lefthook are coherent for an agent that installs git hooks and runs shell-based pattern scans. Minor mismatch: README and scripts rely on grep and optional tools (python3, node, jq, openssl, base64) as fallbacks, but the skill metadata only declared git and bash.

ℹ

Instruction Scope

Runtime instructions call local shell scripts to discover and scan files, produce text/JSON/HTML reports, and optionally install lefthook git hooks. The scripts read files under the target path and (for license lookup) ~/.openclaw/openclaw.json; they do not contact remote endpoints. Note: installing the hooks will cause scans to run on staged files (pre-commit/pre-push), which means the skill will read any code you stage — including files that may contain secrets. This behavior is expected for a git-hook-integrated scanner, but you should be aware it reads repo files and the local OpenClaw config.

✓

Install Mechanism

Install uses a known package (lefthook) via Homebrew, and the scripts provide instructions to copy config/lefthook.yml and run lefthook install. No archived downloads, personal servers, or obfuscated installers are used in the included install spec.

ℹ

Credentials

The single primary credential LOGSENTRY_LICENSE_KEY is proportionate to a tiered (Pro/Team) scanner. The license module will also attempt to read ~/.openclaw/openclaw.json to retrieve a stored apiKey if the env var is not set — this is reasonable for convenience but means the skill will parse a local config file that may contain other keys for the user. No other unrelated credentials are requested.

ℹ

Persistence & Privilege

The skill does not request always:true and allows normal user invocation. Installing hooks modifies repository-level lefthook.yml (or appends to it) and runs lefthook install — this is expected for integrating a pre-commit/pre-push scanner but is a persistent change to your git repo configuration and can block commits if findings are high/critical.

Assessment

LogSentry appears to be what it claims: a local, regex-based logging-quality scanner that can integrate with git hooks and uses an optional license key (LOGSENTRY_LICENSE_KEY). Before installing: 1) Review the scripts locally (dispatcher.sh, analyzer.sh, patterns.sh, license.sh) if you can — they run locally and do not send data externally. 2) Be aware that installing hooks will modify your repository's lefthook.yml and will run scans on staged files (you can skip hooks with git commit --no-verify but that bypasses protections). 3) If you don't want the skill to probe your OpenClaw config, do not store a license in ~/.openclaw/openclaw.json or unset LOGSENTRY_LICENSE_KEY; the script will look there for convenience. 4) Ensure you have lefthook installed from a trusted source (brew install lefthook) and that grep, bash, and optional tools (python3/node/jq/openssl) are available if you expect full functionality. 5) If any part of the behavior feels unexpected (automatic repo modification, scanning sensitive files), run the tool in a sandboxed copy of your repository first.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📝 Clawdis

OSmacOS · Linux · Windows

Binsgit, bash

Primary envLOGSENTRY_LICENSE_KEY

Install

Install lefthook (git hooks manager)

Bins: lefthook

brew install lefthook

latestvk97dx592f0b8mjva3mx8427wsx84v4sb

78downloads

0stars

1versions

Updated 1w ago

v1.0.0

MIT-0

macOS, Linux, Windows

LogSentry -- Logging Quality & Observability Analyzer

LogSentry scans codebases for logging anti-patterns, missing structured logging, sensitive data exposure in log output, inconsistent log levels, missing correlation IDs, and log injection vulnerabilities. It uses regex-based pattern matching against 90 logging-specific patterns across 6 categories, lefthook for git hook integration, and produces markdown reports with actionable remediation guidance. 100% local. Zero telemetry.

Commands

Free Tier (No license required)

`logsentry scan [file|directory]`

One-shot logging quality scan of files or directories.

How to execute:

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [target]

What it does:

Accepts a file path or directory (defaults to current directory)
Discovers all source files (skips .git, node_modules, binaries, images, .min.js)
Runs 30 logging quality patterns against each file (free tier limit)
Calculates a logging quality score (0-100) per file and overall
Grades: A (90-100), B (80-89), C (70-79), D (60-69), F (<60)
Outputs findings with: file, line number, check ID, severity, description, recommendation
Exit code 0 if score >= 70, exit code 1 if logging quality is poor
Free tier limited to first 30 patterns (SL + LL categories)

Example usage scenarios:

"Scan my code for logging issues" -> runs logsentry scan .
"Check this file for logging anti-patterns" -> runs logsentry scan src/server.ts
"Find sensitive data in my logs" -> runs logsentry scan src/
"Audit logging quality in my project" -> runs logsentry scan .
"Check for log injection vulnerabilities" -> runs logsentry scan .

Pro Tier ($19/user/month -- requires LOGSENTRY_LICENSE_KEY)

`logsentry scan --tier pro [file|directory]`

Extended scan with 60 patterns covering structured logging, log levels, sensitive data, and log injection.

How to execute:

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [target] --tier pro

What it does:

Validates Pro+ license
Runs 60 logging patterns (SL, LL, SD, LI categories)
Detects sensitive data in logs (passwords, tokens, PII)
Identifies log injection vulnerabilities
Full category breakdown reporting

`logsentry scan --format json [directory]`

Generate JSON output for CI/CD integration.

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --format json

`logsentry scan --format html [directory]`

Generate HTML report for browser viewing.

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --format html

`logsentry scan --category SD [directory]`

Filter scan to a specific check category (SL, LL, SD, LI, CI, OB).

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --category SD

Team Tier ($39/user/month -- requires LOGSENTRY_LICENSE_KEY with team tier)

`logsentry scan --tier team [directory]`

Full scan with all 90 patterns across all 6 categories including correlation IDs and observability.

How to execute:

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --tier team

What it does:

Validates Team+ license
Runs all 90 patterns across 6 categories
Includes correlation/context checks (missing request IDs, trace IDs)
Includes observability checks (missing metrics, health checks, audit trails)
Full category breakdown with per-file results

`logsentry scan --verbose [directory]`

Verbose output showing every matched line and pattern details.

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --verbose

`logsentry status`

Show license and configuration information.

bash "<SKILL_DIR>/scripts/dispatcher.sh" status

Check Categories

LogSentry detects 90 logging anti-patterns across 6 categories:

Category	Code	Patterns	Description	Severity Range
Structured Logging	SL	15	Missing structured logging, print/println instead of loggers, string concatenation in log messages, missing log context fields	medium -- high
Log Levels	LL	15	Incorrect log level usage, debug in production, missing error-level for exceptions, inconsistent level patterns	low -- high
Sensitive Data	SD	15	Passwords/tokens/PII in log output, logging request bodies, credit card patterns, SSN/email exposure	high -- critical
Log Injection	LI	15	Unsanitized user input in logs, newline injection, CRLF attacks, format string vulnerabilities	high -- critical
Correlation & Context	CI	15	Missing request/trace IDs, missing correlation IDs, no structured context, inconsistent timestamp formats	low -- medium
Observability	OB	15	Missing metrics emission, no health check logging, missing audit trail events, absent error rate tracking	low -- medium

Tier-Based Pattern Access

Tier	Patterns	Categories
Free	30	SL, LL
Pro	60	SL, LL, SD, LI
Team	90	SL, LL, SD, LI, CI, OB
Enterprise	90	SL, LL, SD, LI, CI, OB + priority support

Scoring

LogSentry uses a deductive scoring system starting at 100 (perfect):

Severity	Point Deduction	Description
Critical	-25 per finding	Severe security issue (sensitive data exposure, injection)
High	-15 per finding	Significant quality problem (missing loggers, concatenation)
Medium	-8 per finding	Moderate concern (debug levels, missing context)
Low	-3 per finding	Informational / best practice suggestion

Grading Scale

Grade	Score Range	Meaning
A	90-100	Excellent logging quality
B	80-89	Good logging with minor issues
C	70-79	Acceptable but needs improvement
D	60-69	Poor logging quality
F	Below 60	Critical logging problems

Pass threshold: 70 (Grade C or better)
Exit code 0 = pass (score >= 70)
Exit code 1 = fail (score < 70)

Configuration

Users can configure LogSentry in ~/.openclaw/openclaw.json:

{
  "skills": {
    "entries": {
      "logsentry": {
        "enabled": true,
        "apiKey": "YOUR_LICENSE_KEY_HERE",
        "config": {
          "severityThreshold": "medium",
          "ignorePatterns": ["**/test/**", "**/fixtures/**", "**/*.test.*"],
          "ignoreChecks": [],
          "reportFormat": "text"
        }
      }
    }
  }
}

Important Notes

Free tier works immediately with no configuration
All scanning happens locally -- no code is sent to external servers
License validation is offline -- no phone-home or network calls
Pattern matching only -- no AST parsing, no external dependencies beyond bash
Supports scanning all file types in a single pass
Git hooks use lefthook which must be installed (see install metadata above)
Exit codes: 0 = pass (score >= 70), 1 = fail (for CI/CD integration)
Output formats: text (default), json, html

Error Handling

If lefthook is not installed and user tries hooks, prompt to install it
If license key is invalid or expired, show clear message with link to https://logsentry.pages.dev/renew
If a file is binary, skip it automatically with no warning
If no scannable files found in target, report clean scan with info message
If an invalid category is specified with --category, show available categories

When to Use LogSentry

The user might say things like:

"Scan my code for logging issues"
"Check my logging quality"
"Find sensitive data in my logs"
"Detect log injection vulnerabilities"
"Are there any passwords being logged?"
"Check for missing structured logging"
"Audit my observability practices"
"Find inconsistent log levels"
"Check for missing correlation IDs"
"Scan for logging anti-patterns"
"Run a logging quality audit"
"Generate a logging quality report"
"Check if user input is being logged unsafely"
"Find print statements that should be logger calls"
"Check my code for log injection risks"

Comments

Loading comments...