ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sentinel QA — World-Class AI Audit & Quality System

v1.0.1

World-class autonomous quality assurance skill system. Use ANY time the user asks to review, check, audit, validate, QA, proofread, inspect, approve, reject,...

0· 103·0 current·0 all-time
by@tenlifejosh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to be an all-purpose QA/audit system for published assets (Gumroad products, email campaigns, KDP, social posts, etc.). The SKILL.md and references explicitly require testing live flows (test purchases, verify downloads, check conversion rates, verify SPF/DKIM and sender authentication, run audit sweeps). Yet the skill declares no required environment variables, no config paths, and no binaries. That is inconsistent: platform access and transaction testing normally require credentials and platform-specific access. The mismatch could be benign (the agent environment provides those integrations), but the skill should have declared any needed credentials or scope.
!
Instruction Scope
Instructions are detailed and checklist-driven (read reference files, run domain-specific checklists, produce PASS/FAIL with evidence). However they also instruct actions that reach beyond local files: 'test purchase to verify flow', 'test email received by test address', 'check sales this month vs last month', 'test purchase completed successfully', and escalate for legal/privacy issues. Those steps imply interacting with external services and possibly performing financial transactions. The skill also refers to persistent failure logs (memory/sentinel-failures.json) and escalation to 'Hutch' without a clear, secure communication mechanism. This breadth of action is not narrow or purely analytical — it can have real-world side effects.
Install Mechanism
Instruction-only skill with no install spec and no code files: lowest installation risk. Nothing in the package attempts to download or execute external code. The references are local documents that the agent is told to read.
!
Credentials
The skill requests no environment variables or credentials, yet many required checks (platform listing health, purchase flow testing, analytics metrics, SPF/DKIM verification, testing email deliverability) inherently need access to external accounts or APIs. Either the agent will rely on pre-provisioned integrations (not declared here), or the skill will fail or attempt to act with whatever access the agent already has. The lack of declared, proportionate credentials is a mismatch that could lead to unexpected use of other agent-held secrets.
Persistence & Privilege
The skill is not marked always:true and does not install persistent code, but its references describe writing to a failure log and maintaining a memory file (memory/sentinel-failures.json) and creating new QA rules over time. Persisting QA logs is reasonable for a QA skill, but combined with autonomous invocation and the potential to perform actions on live platforms, that persistence increases operational footprint. There is no explicit instruction for requiring human confirmation before executing destructive or billable actions (e.g., purchases).
Scan Findings in Context
[no-regex-findings] expected: Scanner found no code-level regex matches because this is an instruction-only skill with only documentation/reference files. That is expected; the security surface is the SKILL.md instructions and reference files, not executable code.
What to consider before installing
This skill appears to be a thorough QA checklist system and is internally consistent as documentation, but it expects the agent to test and interact with live services (purchases, downloads, email deliverability, analytics) without declaring any credentials or endpoints. Before installing or enabling this skill: 1) Confirm what external integrations your agent already has access to (Gumroad, KDP, email provider, analytics) and who would pay for test purchases. 2) If you want the skill to run checks, provide safe, least-privilege/test/staging credentials (read-only APIs where possible, sandbox payment accounts) and never give production payment credentials without explicit human approval. 3) Require a human confirmation step for any action that would charge money, publish content, or modify live listings. 4) Clarify escalation channels (who/where is 'Hutch') and logging/persistence policies so sensitive data isn't written to unexpected storage. 5) If the skill will be used across organizations, ask the author for a manifest of required integrations and a justification for any account-level access. If you cannot confirm these, treat the skill as potentially able to perform impactful actions and restrict its permissions or run it in a locked/staging environment.

Like a lobster shell, security has layers — review code before you run it.

auditvk975h7k5b216mnq40248a9m89983ajsfbrandvk975h7k5b216mnq40248a9m89983ajsfcompliancevk975h7k5b216mnq40248a9m89983ajsflatestvk970ra19sy08ad02twyafk2fg583caw3qavk975h7k5b216mnq40248a9m89983ajsfqualityvk975h7k5b216mnq40248a9m89983ajsfreviewvk975h7k5b216mnq40248a9m89983ajsfriskvk975h7k5b216mnq40248a9m89983ajsfsentinelvk975h7k5b216mnq40248a9m89983ajsf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments