openclaw-sentinel
Supply chain security for agent skills. Pre-install inspection, post-install scanning, obfuscation detection, and known-bad signature matching. Verify skills are safe before they touch your workspace. Free alert layer; upgrade to openclaw-sentinel-pro for quarantine, blocking, and community threat feeds.
Install via ClawdBot CLI:
clawdbot install AtlasPA/openclaw-sentinel
Supply chain security scanner for agent skills. Detects obfuscated code, known-bad signatures, suspicious install behaviors, dependency confusion, and metadata inconsistencies, both before and after installation.
You install skills from the community. Any skill can contain obfuscated payloads, post-install hooks that execute arbitrary code, or supply chain attacks that modify other skills in your workspace. Existing tools verify file integrity after the fact; nothing inspects skills for supply chain risks before they run.
Deep scan of all installed skills for supply chain risks. Checks file hashes against a local threat database, detects obfuscated code patterns, suspicious install behaviors, dependency confusion, and metadata inconsistencies. Generates a risk score (0-100) per skill.
python3 {baseDir}/scripts/sentinel.py scan --workspace /path/to/workspace
python3 {baseDir}/scripts/sentinel.py scan openclaw-warden --workspace /path/to/workspace
Scan a skill directory BEFORE copying it to your workspace. Outputs a SAFE/REVIEW/REJECT recommendation and shows exactly what binaries, network calls, and file operations the skill will perform.
python3 {baseDir}/scripts/sentinel.py inspect /path/to/skill-directory
View current threat database statistics.
python3 {baseDir}/scripts/sentinel.py threats --workspace /path/to/workspace
Import a community-shared threat list.
python3 {baseDir}/scripts/sentinel.py threats --update-from threats.json --workspace /path/to/workspace
Summary of installed skills, scan history, and risk score overview.
python3 {baseDir}/scripts/sentinel.py status --workspace /path/to/workspace
If --workspace is omitted, the script tries:
- OPENCLAW_WORKSPACE environment variable
- ~/.openclaw/workspace (default)

| Category | Patterns |
|----------|----------|
| Encoded Execution | eval(base64.b64decode(...)), exec(compile(...)), eval/exec with encoded strings |
| Dynamic Imports | \_\_import\_\_('os').system(...), dynamic subprocess/ctypes imports |
| Shell Injection | subprocess.Popen with shell=True + string concatenation, os.system() |
| Remote Code Exec | urllib/requests combined with exec/eval (download-and-run patterns) |
| Obfuscation | Lines >1000 chars, high-entropy strings, minified code blocks |
| Install Behaviors | Post-install hooks, auto-exec in \_\_init\_\_.py, cross-skill file writes |
| Hidden Files | Non-standard dotfiles and hidden directories |
| Dependency Confusion | Skills shadowing popular package names, typosquatting near-matches |
| Metadata Mismatch | Undeclared binaries, undeclared env vars, invocable flag inconsistencies |
| Serialization | pickle.loads, marshal.loads (arbitrary code execution via deserialization) |
| Known-Bad Hashes | File SHA-256 matches against local threat database |
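
An added example (not code from sentinel.py) of how several rows of the table can be checked statically with Python's ast module, so the skill source is parsed but never executed. The function names and the constructed sample are assumptions, and the shell check generalizes the table's "string concatenation" to any non-literal command argument.

```python
import ast

# Constructed sample of a skill source file; it is parsed, never executed.
SAMPLE = '''
import base64, pickle, subprocess
def setup(cmd, blob):
    eval(base64.b64decode(blob))
    subprocess.Popen("tar xf " + cmd, shell=True)
    return pickle.loads(blob)
def harmless(x):
    return len(x)
'''

DIRECT = {"pickle.loads": "Serialization", "marshal.loads": "Serialization",
          "os.system": "Shell Injection"}
DECODERS = {"base64.b64decode", "b64decode", "compile"}

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else ''."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return ""
    return ".".join(reversed(parts + [node.id]))

def is_true(node):
    return isinstance(node, ast.Constant) and node.value is True

def find_risky_calls(source):
    """Return sorted (line, category) findings for Python source text."""
    findings = set()
    calls = [n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.Call)]
    for call in calls:
        name = dotted(call.func)
        if name in DIRECT:
            findings.add((call.lineno, DIRECT[name]))
        elif name in ("eval", "exec"):
            inner = {dotted(n.func) for a in call.args
                     for n in ast.walk(a) if isinstance(n, ast.Call)}
            if inner & DECODERS:
                findings.add((call.lineno, "Encoded Execution"))
        elif name.startswith("subprocess."):
            # shell=True with a non-literal command (concatenation, f-string, variable).
            shell = any(k.arg == "shell" and is_true(k.value) for k in call.keywords)
            if shell and any(not isinstance(a, ast.Constant) for a in call.args):
                findings.add((call.lineno, "Shell Injection"))
    return sorted(findings)
```

Names are matched as written in the source, so aliased imports (`import pickle as p`) are not resolved here.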
Each skill receives a score from 0-100:
| Score | Label | Meaning |
|-------|-------|---------|
| 0 | CLEAN | No issues detected |
| 1-19 | LOW | Minor findings, likely benign |
| 20-49 | MODERATE | Review recommended |
| 50-74 | HIGH | Significant risk, review required |
| 75-100 | CRITICAL | Serious supply chain risk |
Community-shared threat lists use this JSON format:
{
  "hashes": {
    "<sha256hex>": {"name": "...", "severity": "...", "description": "..."}
  },
  "patterns": [
    {"name": "...", "regex": "...", "severity": "..."}
  ]
}
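
An added example (not the project's own code) that validates a threat list in this format before use and then matches one file against it by SHA-256 and by regex. The function names, severity values and sample entries are constructed for illustration.

```python
import hashlib
import json
import re

# Constructed threat list in the format shown above; values are illustrative.
BAD_FILE = b"print('constructed sample flagged by hash')\n"
THREATS_JSON = json.dumps({
    "hashes": {hashlib.sha256(BAD_FILE).hexdigest():
               {"name": "sample-dropper", "severity": "high", "description": "constructed"}},
    "patterns": [{"name": "pickle-load", "regex": r"pickle\.loads\(", "severity": "high"},
                 {"name": "broken", "regex": "(unclosed", "severity": "low"}],
})

SHA256_HEX = re.compile(r"[0-9a-f]{64}")

def load_threats(text):
    """Parse a threat list, keeping only well-formed entries; return (db, rejected)."""
    raw, rejected = json.loads(text), []
    db = {"hashes": {}, "patterns": []}
    for digest, meta in raw.get("hashes", {}).items():
        if SHA256_HEX.fullmatch(digest.lower()) and isinstance(meta, dict):
            db["hashes"][digest.lower()] = meta
        else:
            rejected.append(digest)
    for entry in raw.get("patterns", []):
        try:
            db["patterns"].append((entry["name"], re.compile(entry["regex"]), entry["severity"]))
        except (re.error, KeyError, TypeError):
            rejected.append(entry.get("name", "?") if isinstance(entry, dict) else "?")
    return db, rejected

def match_file(db, content):
    """Return threat names matching one file's bytes, hash matches first."""
    hits = []
    known = db["hashes"].get(hashlib.sha256(content).hexdigest())
    if known:
        hits.append(known.get("name", "unnamed"))
    text = content.decode("utf-8", errors="replace")
    hits += [name for name, rx, _sev in db["patterns"] if rx.search(text)]
    return hits
```

Regexes from a shared list are untrusted input: this checks that they compile, but Python's `re` has no match timeout, so review patterns for expensive backtracking before importing them.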
- 0: Clean, no issues
- 1: Review needed
- 2: Threats detected

Python standard library only. No pip install. No network calls. Everything runs locally.
Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.
Generated Mar 1, 2026
Large organizations deploying AI agents across departments use OpenClaw Sentinel to audit all installed skills for supply chain risks before they run, ensuring compliance with internal security policies and preventing unauthorized code execution. It scans for obfuscated payloads and suspicious install behaviors, generating risk scores to prioritize reviews and mitigate threats in development and production environments.
Individual developers and small teams using AI coding assistants like Claude Code or Cursor integrate Sentinel to inspect community-shared skills pre-installation, detecting dependency confusion and metadata inconsistencies. This prevents supply chain attacks that could modify other skills or execute arbitrary code, maintaining a secure and reliable workspace without external dependencies.
Healthcare and government agencies employ Sentinel to scan AI agent skills for encoded execution and known-bad signatures, ensuring adherence to data protection regulations and minimizing operational risks. The tool's local threat database and cross-platform support allow for offline audits, providing detailed reports on shell injection and serialization vulnerabilities without network calls.
Universities and research labs use Sentinel to secure AI agent skills in academic projects, inspecting for remote code execution and hidden files to prevent malware spread in collaborative settings. It offers quick status checks and threat database management, enabling students and researchers to safely experiment with community skills while learning about supply chain security best practices.
Platforms hosting AI agent skill marketplaces integrate Sentinel to pre-screen submissions for obfuscation and install behaviors, ensuring only safe skills are listed for users. This reduces support costs and builds trust by providing SAFE/REVIEW/REJECT recommendations based on risk scoring, helping maintain a secure ecosystem for skill distribution and adoption.
Offer a free basic version of Sentinel for individual developers and small teams, with premium features like advanced threat database updates, automated reporting, and enterprise support for large organizations. Revenue is generated through subscription tiers, targeting businesses that require compliance auditing and enhanced security integrations.
Sell licenses to corporations for deploying Sentinel across their AI agent infrastructure, bundled with consulting services for custom threat database management and security training. This model leverages the tool's cross-platform capabilities to provide tailored solutions, generating revenue from one-time purchases and ongoing service contracts.
Partner with AI agent platforms and skill marketplaces to integrate Sentinel as a vetting service, charging per scan or through revenue-sharing agreements. Offer an API for developers to programmatically inspect skills, creating a scalable revenue stream from high-volume usage and platform partnerships.
Integration Tip
Set the OPENCLAW_WORKSPACE environment variable for automatic workspace detection, and use the pre-install inspection command to vet skills before deployment to avoid supply chain risks.