Skill details (on-site mirror, no comments)
License: MIT-0
MIT-0 · Free to use, modify, and redistribute. No attribution required.
Version: v1.0.2
Stats: ⭐ 1 · 1.3k · 4 current installs · 4 all-time installs
🛡 VirusTotal: benign · OpenClaw: suspicious
Package:atlaspa/openclaw-sentry
Security scan (ClawHub)
- VirusTotal: benign
- OpenClaw: suspicious
OpenClaw assessment
The skill does what it claims (scanning for secrets) but includes built-in redaction/quarantine/defense operations and an unclear free/pro split, can modify or move files in your workspace, and comes from an unknown source — review before installing or running on real data.
Purpose
Name/description match the included functionality (workspace secret scanning) and the only required binary is python3 — that is coherent. However the published description advertises a 'free alert layer' with redaction/quarantine/defense behind a paid upgrade, while the included script exposes commands (redact, quarantine, unquarantine, defend, protect) that perform modifications locally. The presence of destructive/defensive features inside a…
Instruction scope
SKILL.md instructs running scripts/sentry.py against a workspace, which is consistent with scanning. But the documented commands include redact/quarantine/defend/protect in addition to scan/check/status — these operations will modify, move, or write files inside the workspace (create .quarantine, modify files for redaction, potentially write .gitignore or policy files). The instructions also auto-detect a workspace from OPENCLAW_WORKSPACE or d…
Install mechanism
No install spec (instruction-only) and the only required runtime is python3. The code file is bundled inside the skill (scripts/sentry.py) and uses only Python standard library modules — there are no downloads or external install steps. This low-install footprint reduces supply-chain risk, provided the bundled code is trusted.
Credentials
The skill declares no required environment variables or credentials. The script will optionally read OPENCLAW_WORKSPACE (auto-detection) if not given an explicit --workspace; this is reasonable for workspace detection. It does not request cloud credentials or tokens to perform scanning/exfiltration (no network libraries observed).
Persistence
The skill is not always:true and is user-invocable only, which is appropriate. However it intentionally writes to and reorganizes workspace content (quarantine directory, potential redactions, .gitignore/policy files). Those side effects are persistent and could remove or alter files. The skill does not require elevated platform privileges, but its file-modifying capabilities are powerful and should be run only with explicit user consent and b…
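Install (copy to Lobster AI)
Copy the entire block below into a 龙虾中文库 conversation; Lobster will complete the installation according to SKILL.md.
Hand this paragraph to 龙虾中文库 (Lobster AI) to execute: install the OpenClaw skill "Openclaw Sentry" on this machine. Summary: Scan workspace files for leaked secrets: API keys, tokens, passwords, private k….
Please fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/atlaspa/openclaw-sentry/SKILL.md
(Source: yingzhi8.cn skill library)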
SKILL.md
---
name: openclaw-sentry
user-invocable: true
metadata: {"openclaw":{"emoji":"🔑","requires":{"bins":["python3"]},"os":["darwin","linux","win32"]}}
---
# OpenClaw Sentry
Scans your agent workspace for leaked secrets — API keys, tokens, passwords, private keys, and credentials that should never be in plain text.
## The Problem
Agent workspaces accumulate secrets: API keys in config files, tokens in memory logs, passwords in environment files. A single leaked credential can compromise your entire infrastructure. Existing secret scanners work on git repos — nothing watches the agent workspace itself.
## Commands
### Full Scan
Scan all workspace files for secrets and high-risk files.
```bash
python3 {baseDir}/scripts/sentry.py scan --workspace /path/to/workspace
```
### Check Single File
Check a specific file for secrets.
```bash
python3 {baseDir}/scripts/sentry.py check MEMORY.md --workspace /path/to/workspace
```
### Quick Status
One-line summary of secret exposure risk.
```bash
python3 {baseDir}/scripts/sentry.py status --workspace /path/to/workspace
```
## What It Detects
| Provider | Patterns |
|----------|----------|
| **AWS** | Access keys (AKIA...), secret keys |
| **GitHub** | PATs (ghp_, gho_, ghs_, ghr_, github_pat_) |
| **Slack** | Bot/user tokens (xox...), webhooks |
| **Stripe** | Secret keys (sk_live_), publishable keys |
| **OpenAI** | API keys (sk-...) |
| **Anthropic** | API keys (sk-ant-...) |
| **Google** | API keys (AIza...), OAuth secrets |
| **Azure** | Storage account keys |
| **Generic** | API keys, secrets, passwords, bearer tokens, connection strings |
| **Crypto** | PEM private keys, .key/.pem/.p12 files |
| **Database** | PostgreSQL/MySQL/MongoDB/Redis URLs with credentials |
| **JWT** | JSON Web Tokens |
| **Environment** | .env files with variables |
## Exit Codes
- `0` — Clean, no secrets found
- `1` — Warnings (high-risk files detected)
- `2` — Critical secrets found
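
A sketch of the detection table and exit-code contract described above, added here as an example; it is not the code in `scripts/sentry.py`. The regexes are assumptions built from the prefixes in the table, and `SECRET_RULES`, `mask`, `scan` and the sample workspace are hypothetical names and constructed data.

```python
import re

# Assumed regexes derived from the prefixes in the "What It Detects" table;
# the patterns actually used by scripts/sentry.py are not shown on this page.
SECRET_RULES = {
    "aws-access-key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-token": re.compile(
        r"\b(?:gh[posr]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{20,})"),
    "anthropic-key": re.compile(r"\bsk-ant-[A-Za-z0-9_-]{20,}"),
    "pem-private-key": re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----"),
    "db-url-credentials": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis)://[^\s:@/]*:[^\s@/]+@"),
}
# File names treated as high-risk regardless of content (.env, .key/.pem/.p12).
HIGH_RISK_NAME = re.compile(r"(?:^|/)\.env(?:\.[^/]+)?$|\.(?:key|pem|p12)$")


def mask(value):
    """Keep a short prefix so a finding is identifiable without re-leaking it."""
    return value[:8] + "*" * max(len(value) - 8, 0)


def scan(files):
    """files: {relative_path: text}. Returns (exit_code, findings)."""
    findings, risky = [], []
    for path, text in files.items():
        if HIGH_RISK_NAME.search(path):
            risky.append(path)
        for lineno, line in enumerate(text.splitlines(), 1):
            for rule, rx in SECRET_RULES.items():
                for m in rx.finditer(line):
                    findings.append((path, lineno, rule, mask(m.group(0))))
    # Exit codes as documented: 2 critical secrets, 1 high-risk files only, 0 clean.
    code = 2 if findings else 1 if risky else 0
    return code, findings


# Constructed sample workspace; none of these values are real credentials.
SAMPLE = {
    "MEMORY.md": "deploy notes\naws key AKIAIOSFODNN7EXAMPLE was used\n",
    "config/db.yaml": "url: postgresql://app:hunter2@db.internal:5432/app\n",
    "notes/todo.md": "rotate the staging token next week\n",
}

if __name__ == "__main__":
    code, found = scan(SAMPLE)
    for path, lineno, rule, shown in found:
        print(f"{path}:{lineno} [{rule}] {shown}")
    raise SystemExit(code)
```

Masking the match before it is reported keeps the scanner's own output from becoming another copy of the secret in logs or agent memory.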
## No External Dependencies
Python standard library only. No pip install. No network calls. Everything runs locally.
## Cross-Platform
Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.