SkillHub

openclaw-sentinel

v1.0.2

智能体技能供应链安全防护,涵盖预安装检查、安装后扫描、混淆检测及恶意签名匹配,确保技能安全入库。免费版提供告警,升级openclaw-sentinel-pro可享隔离、拦截及社区威胁情报。

Sourced from ClawHub, Authored by AtlasPA

Installation

Please help me install the skill `openclaw-sentinel` from SkillHub official store. npx skills add AtlasPA/openclaw-sentinel

OpenClaw Sentinel

Supply chain security scanner for agent skills. Detects obfuscated code, known-bad signatures, suspicious install behaviors, dependency confusion, and metadata inconsistencies — before and after installation.

The Problem

You install skills from the community. Any skill can contain obfuscated payloads, post-install hooks that execute arbitrary code, or supply chain attacks that modify other skills in your workspace. Existing tools verify file integrity after the fact — nothing inspects skills for supply chain risks before they run.

Commands

Scan Installed Skills

Deep scan of all installed skills for supply chain risks. Checks file hashes against a local threat database, detects obfuscated code patterns, suspicious install behaviors, dependency confusion, and metadata inconsistencies. Generates a risk score (0-100) per skill.

python3 {baseDir}/scripts/sentinel.py scan --workspace /path/to/workspace

Scan a Single Skill

python3 {baseDir}/scripts/sentinel.py scan openclaw-warden --workspace /path/to/workspace

Pre-Install Inspection

Scan a skill directory BEFORE copying it to your workspace. Outputs a SAFE/REVIEW/REJECT recommendation and shows exactly what binaries, network calls, and file operations the skill will perform.

python3 {baseDir}/scripts/sentinel.py inspect /path/to/skill-directory

Manage Threat Database

View current threat database statistics.

python3 {baseDir}/scripts/sentinel.py threats --workspace /path/to/workspace

Import a community-shared threat list.

python3 {baseDir}/scripts/sentinel.py threats --update-from threats.json --workspace /path/to/workspace

Quick Status

Summary of installed skills, scan history, and risk score overview.

python3 {baseDir}/scripts/sentinel.py status --workspace /path/to/workspace

Workspace Auto-Detection

If --workspace is omitted, the script tries: 1. OPENCLAW_WORKSPACE environment variable 2. Current directory (if AGENTS.md exists) 3. ~/.openclaw/workspace (default)

What It Detects

Category Patterns
Encoded Execution eval(base64.b64decode(...)), exec(compile(...)), eval/exec with encoded strings
Dynamic Imports __import__('os').system(...), dynamic subprocess/ctypes imports
Shell Injection subprocess.Popen with shell=True + string concatenation, os.system()
Remote Code Exec urllib/requests combined with exec/eval — download-and-run patterns
Obfuscation Lines >1000 chars, high-entropy strings, minified code blocks
Install Behaviors Post-install hooks, auto-exec in __init__.py, cross-skill file writes
Hidden Files Non-standard dotfiles and hidden directories
Dependency Confusion Skills shadowing popular package names, typosquatting near-matches
Metadata Mismatch Undeclared binaries, undeclared env vars, invocable flag inconsistencies
Serialization pickle.loads, marshal.loads — arbitrary code execution via deserialization
Known-Bad Hashes File SHA-256 matches against local threat database

Risk Scoring

Each skill receives a score from 0-100:

Score Label Meaning
0 CLEAN No issues detected
1-19 LOW Minor findings, likely benign
20-49 MODERATE Review recommended
50-74 HIGH Significant risk, review required
75-100 CRITICAL Serious supply chain risk

Threat Database Format

Community-shared threat lists use this JSON format:

{
  "hashes": {
    "<sha256hex>": {"name": "...", "severity": "...", "description": "..."}
  },
  "patterns": [
    {"name": "...", "regex": "...", "severity": "..."}
  ]
}

Exit Codes

  • 0 — Clean, no issues
  • 1 — Review needed
  • 2 — Threats detected

No External Dependencies

Python standard library only. No pip install. No network calls. Everything runs locally.

Cross-Platform

Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.