ClawHub

Sentry Issues

v1.0.0

Fetch and analyze issues from Sentry error tracking. Use when asked to check Sentry errors, pull issues, investigate exceptions, review error trends, or get...

0· 633·1 current·1 all-time
byDave@dave-b-b
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md and included script implement exactly what the name/description claim: querying Sentry issues and optionally fetching stack traces. However, the registry metadata lists no required environment variables or primary credential while both SKILL.md and the script clearly require an auth token (SENTRY_AUTH_TOKEN or --token). This mismatch is unexplained and reduces trust in the manifest.
Instruction Scope
Runtime instructions are narrowly scoped: call the Sentry API (sentry.io) using a provided token, org and project slugs, and optionally an issue id or query. The SKILL.md does not instruct the agent to read unrelated files, system secrets, or send data to third-party endpoints other than Sentry.
Install Mechanism
There is no install spec (instruction-only skill) and the included Python script is executed directly. No external downloads or package installs are requested, so nothing arbitrary is written to disk by an installer.
!
Credentials
The script legitimately needs a Sentry auth token with project:read and event:read scopes. However, the skill metadata does not declare this required environment variable or a primary credential. The token is sensitive — it grants read access to project events and stack traces — so omission from declared requirements is a notable inconsistency that should be fixed or explained.
Persistence & Privilege
The skill does not request permanent presence (always is false), does not modify other skills or system settings, and does not request elevated platform privileges.
What to consider before installing
This skill's code and instructions match its stated purpose (fetching Sentry issues), but the package metadata fails to declare the required SENTRY_AUTH_TOKEN/primary credential. Before installing or running: 1) Verify the skill owner/trustworthiness and ask them to update the metadata to declare SENTRY_AUTH_TOKEN as the primary credential. 2) Create a Sentry token with the minimal scopes needed (project:read, event:read) and avoid using broader or write-scoped tokens. 3) Review the included script (you already have it) to confirm it only calls sentry.io and doesn't exfiltrate data elsewhere. 4) Be aware that issue details and stack traces can contain sensitive information (PII, secrets, file paths) — avoid posting outputs publicly. 5) If in doubt, run the script in an isolated environment or with a token that has access only to a test project.

Like a lobster shell, security has layers — review code before you run it.

latestvk9764w9h9eezx218ck6yn89yyx81fphc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments