Sentinel - AI Agent State Guardian

ReviewAudited by ClawScan on May 1, 2026.

Overview

Sentinel appears to be a coherent local backup and restore skill, but users should configure its automatic restore and persistent monitoring options carefully.

Before installing, configure the workspace and critical file patterns narrowly, run a one-time scan first, keep automatic restore/quarantine disabled until you trust the baseline, protect the backup directory, and monitor disk usage because the limitations document says pruning is not yet implemented.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Medium

#ASI02: Tool Misuse and Exploitation

What this means

If the baseline, backup, or configuration is wrong, legitimate changes to agent memory or configuration could be reverted or moved automatically.

Why it was flagged

The skill can automatically overwrite or move monitored workspace files when integrity violations are detected. This is central to the backup/self-healing purpose, but it is high-impact file mutation.

Skill content

AUTO_RESTORE_ON_CORRUPTION = True ... Auto-restore — revert changed files from latest clean snapshot ... Quarantine — move changed files to quarantine dir, restore originals

Recommendation

Start with alert-only/manual restore, narrowly define WORKSPACE_ROOT and CRITICAL_FILES, run a test cycle first, and only enable automatic restore/quarantine after confirming the backups are correct.

Low

#ASI10: Rogue Agents

What this means

If installed as a service, the skill may continue monitoring and restoring files after the original task or session ends.

Why it was flagged

The documentation includes user-directed service configurations that keep Sentinel running continuously and restarting automatically.

Skill content

ExecStart=/usr/bin/python3 /path/to/sentinel.py --continuous
Restart=always ... RunAtLoad ... KeepAlive

Recommendation

Only configure the systemd/launchd service if persistent monitoring is desired, and document how to stop or disable the service.

Low

#ASI06: Memory and Context Poisoning

What this means

Backups and restores can preserve or reintroduce stale, incorrect, or sensitive agent state.

Why it was flagged

The default monitored targets include persistent agent identity, profile, memory, configuration, and state files, which may influence future agent behavior if restored from backup.

Skill content

CRITICAL_FILES = [
    "agent.md",
    "profile.md",
    "identity.md",
    "config.md",
    "memory/*.md",
    "config/*.json",
    "state/*.json",
]

Recommendation

Protect the backup directory, exclude secrets where possible, and review restored memory/configuration files before relying on them.