Sentinel - AI Agent State Guardian
v1.0.1Automated backup, integrity monitoring, and self-healing for AI agent workspaces. Detects unexpected changes, creates automatic backups, self-heals from corr...
⭐ 0· 195·0 current·0 all-time
byShadow Rose@theshadowrose
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match implementation: code scans a configured WORKSPACE_ROOT, computes hashes, writes a state file, creates timestamped backups, and offers restore/manifest tools. No unrelated cloud or service credentials are requested and required files and operations align with a backup/integrity tool.
Instruction Scope
SKILL.md and code instruct the agent to copy config_example.py to sentinel_config.py and then scan the configured workspace recursively. That means the tool will read any files under WORKSPACE_ROOT and write to BACKUP_DIR and STATE_FILE — expected for this purpose, but potentially wide in scope if WORKSPACE_ROOT is misconfigured (e.g., set to /). The instructions advise running as a service; nothing in SKILL.md asks the agent to read unrelated system credentials or external files.
Install Mechanism
No install spec or external dependencies; code is pure Python stdlib. There is no remote download or archive extraction. This is low risk from supply-chain/install perspective.
Credentials
The skill requests no environment variables or external credentials (ok). It does, however, require write/read access to user-specified filesystem paths (WORKSPACE_ROOT, BACKUP_DIR, STATE_FILE, LOG_FILE, ALERT_FILE). Those locations may contain secrets or sensitive files; storing backups in plain form (no encryption) is documented as a limitation and is expected but important to note.
Persistence & Privilege
Skill is not always-enabled and is user-invocable. It can be run continuously or installed as a systemd/launchd service (documented), which grants it persistent filesystem activity. AUTO_RESTORE_ON_CORRUPTION defaults to True in examples — this can cause automatic overwrites/restores if enabled, so users should test with AUTO_RESTORE disabled until confident.
Assessment
This skill appears to do what it says: local monitoring, backup, manifest, and restore. Before installing or running it, do the following: 1) Review and edit sentinel_config.py to point WORKSPACE_ROOT only at the workspace you intend to monitor (do NOT set it to / or other system-wide paths). 2) Set BACKUP_DIR to a location with sufficient space, ideally on a separate disk or encrypted volume; be aware backups are stored unencrypted and can contain secrets. 3) Set STATE_FILE, LOG_FILE, and ALERT_FILE to safe paths and verify file permissions. 4) Disable AUTO_RESTORE_ON_CORRUPTION until you run several --once cycles and confirm behavior. 5) Run python3 sentinel.py --once to test and inspect generated backups and state files. 6) If you need off-site archival or encryption, integrate a separate tool (rclone, encrypted disk) as suggested in LIMITATIONS.md. 7) Because the code is included and uses only stdlib, you can audit the files locally; if you need network/webhook alerting, note WEBHOOK_URL is optional/not implemented and would require configuration to contact external endpoints.Like a lobster shell, security has layers — review code before you run it.
backupvk97d19h672kdz3xnpntzn3trf582s18hintegrityvk97d19h672kdz3xnpntzn3trf582s18hlatestvk97d19h672kdz3xnpntzn3trf582s18hmonitoringvk97d19h672kdz3xnpntzn3trf582s18hself-healingvk97d19h672kdz3xnpntzn3trf582s18h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.