AgentSkillsCN

openclaw-sentry

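Scan workspace files for potential sensitive information leaks: API keys, tokens, passwords, private keys, and all kinds of credentials. Supports detection of keys for AWS, GitHub, Slack, Stripe, OpenAI, Anthropic, Google, Azure and other platforms, as well as further sensitive information. Free alert layer: to add automated redaction, quarantine, and defensive measures, upgrade to openclaw-sentry-pro.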

SKILL.md
--- frontmatter
name: openclaw-sentry
description: "Scan workspace files for leaked secrets: API keys, tokens, passwords, private keys, and credentials. Detects AWS, GitHub, Slack, Stripe, OpenAI, Anthropic, Google, Azure keys and more. Free alert layer — upgrade to openclaw-sentry-pro for automated redaction, quarantine, and defense."
user-invocable: true
metadata: {"openclaw":{"emoji":"🔑","requires":{"bins":["python3"]},"os":["darwin","linux","win32"]}}

OpenClaw Sentry

Scans your agent workspace for leaked secrets — API keys, tokens, passwords, private keys, and credentials that should never be in plain text.

The Problem

Agent workspaces accumulate secrets: API keys in config files, tokens in memory logs, passwords in environment files. A single leaked credential can compromise your entire infrastructure. Existing secret scanners work on git repos — nothing watches the agent workspace itself.

Need automated countermeasures? Upgrade to openclaw-sentry-pro for redaction, quarantine, and defense.

Commands

Full Scan

Scan all workspace files for secrets and high-risk files.

bash
python3 {baseDir}/scripts/sentry.py scan --workspace /path/to/workspace

Check Single File

Check a specific file for secrets.

bash
python3 {baseDir}/scripts/sentry.py check MEMORY.md --workspace /path/to/workspace

Quick Status

One-line summary of secret exposure risk.

bash
python3 {baseDir}/scripts/sentry.py status --workspace /path/to/workspace

What It Detects

| Provider | Patterns |
| --- | --- |
| AWS | Access keys (AKIA...), secret keys |
| GitHub | PATs (ghp_, gho_, ghs_, ghr_, github_pat_) |
| Slack | Bot/user tokens (xox...), webhooks |
| Stripe | Secret keys (sk_live_), publishable keys |
| OpenAI | API keys (sk-...) |
| Anthropic | API keys (sk-ant-...) |
| Google | API keys (AIza...), OAuth secrets |
| Azure | Storage account keys |
| Generic | API keys, secrets, passwords, bearer tokens, connection strings |
| Crypto | PEM private keys, .key/.pem/.p12 files |
| Database | PostgreSQL/MySQL/MongoDB/Redis URLs with credentials |
| JWT | JSON Web Tokens |
| Environment | .env files with variables |

Exit Codes

  • 0 — Clean, no secrets found
  • 1 — Warnings (high-risk files detected)
  • 2 — Critical secrets found
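
An added example (not the project's code) of how prefix-based detection and the exit codes above fit together, using only the standard library. The regexes, function names and the sample workspace are assumptions constructed for illustration; the patterns sentry.py actually ships are not shown on this page.

```python
import re
import tempfile
from pathlib import Path

# Assumed regexes derived from the prefixes in the table; not sentry.py's own.
PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\b(?:gh[posr]_[A-Za-z0-9]{36}|github_pat_\w{22,})"),
    "anthropic_key": re.compile(r"\bsk-ant-[\w-]{20,}"),
    "pem_private_key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "db_url_creds": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis)://[^\s:/@]*:[^\s/@]+@"),
}
# File names the table lists as risky regardless of content.
HIGH_RISK = re.compile(r"^\.env(\..+)?$|\.(key|pem|p12)$")

def scan_file(path):
    """Return (file, line, rule, redacted match) tuples for one file."""
    hits = []
    text = path.read_text(encoding="utf-8", errors="replace")
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx in PATTERNS.items():
            for m in rx.finditer(line):
                # Keep only a short prefix so the report does not re-leak the secret.
                hits.append((path.name, lineno, rule, m.group(0)[:6] + "..."))
    return hits

def scan_workspace(root):
    """Return (exit_code, hits, risky_files) using the 0/1/2 codes listed above."""
    hits, risky = [], []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            if HIGH_RISK.search(path.name):
                risky.append(path.name)
            hits.extend(scan_file(path))
    return (2 if hits else 1 if risky else 0), hits, risky

def demo():
    """Scan a constructed workspace: one fake AWS key and DB URL, one .env file."""
    with tempfile.TemporaryDirectory() as ws:
        fake_key = "AKIA" + "EXAMPLE0" * 2  # constructed, not a real credential
        Path(ws, "MEMORY.md").write_text(
            f"notes\nkey = {fake_key}\nurl = postgres://app:hunter2@db.internal/x\n")
        Path(ws, ".env").write_text("DEBUG=1\n")
        return scan_workspace(ws)

if __name__ == "__main__":
    code, hits, risky = demo()
    for hit in hits:
        print(*hit)
    print("high-risk files:", risky, "exit code:", code)
```

Reporting a redacted prefix rather than the full match keeps scan output safe to paste into logs or tickets.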

No External Dependencies

Python standard library only. No pip install. No network calls. Everything runs locally.

Cross-Platform

Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.