📦 Arc Sentinel — Security Monitoring Health Check

v1.0.0

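An all-in-one security operations monitoring tool: it integrates HaveIBeenPwned breach detection, SSL certificate expiry alerts, GitHub security audits, credential rotation tracking, secret scanning, Git hygiene checks, a token watchdog and permission audits, helping OpenClaw agents guard infrastructure health in real time.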

Last updated: 2026/4/22
Security scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
The skill's code and runtime instructions broadly match its stated purpose (local security and secret/token auditing) but there are several mismatches and privacy risks you should understand before installing and running it.
Assessment recommendations
Arc Sentinel implements a broad set of local checks and contains many scripts that will read sensitive files (SSH keys, AWS credentials, Docker/NPM/Kube configs, other skills' code), and it will write findings — including matched secret strings — into stdout and report files. Before running it: (1) review the bundled scripts yourself (they are included) to confirm you accept their behavior; (2) do not run as root — run with least privilege or inside an isolated environment (container/VM) to limi...
Detailed analysis
Purpose and capability
The name/description (arc-sentinel — SSL, breach checks, GitHub audits, secret scanning, token watchdog, permission audits) match the included scripts, which implement those checks. However registry metadata (no required binaries, no env vars listed) does not declare dependencies that SKILL.md and the scripts explicitly require (openssl, gh, curl, python3). This metadata mismatch is unexpected and should be corrected.
Instruction scope
Runtime instructions tell the agent to run sentinel.sh which executes multiple scanners that read many sensitive locations (e.g., ~/.ssh, ~/.aws/credentials, ~/.docker/config.json, ~/.kube/config, ~/.config/fulcra/token.json, LaunchAgents, other skills under ~/.openclaw/workspace/skills). The scanners also grep repository contents and git history and will write findings (including matched secret strings) to stdout and JSON/text reports in reports/YYYY-MM-DD.json. There are no explicit steps that upload findings to remote endpoints inside these scripts, but the practice of collecting and saving secrets in local report files is a privacy/exfiltration risk if those reports are later transmitted or accessible. The skill-auditor script will scan other installed skills (reads other skills' files) which is reasonable for an auditor but is broad and should be consented to.
Install mechanism
No install spec — instruction-only with bundled scripts. This lowers supply-chain risk (nothing downloaded at install time). All code is present in the package, so reviewable before execution.
Credential requirements
Registry metadata declares no required environment variables or primary credential, yet the code reads environment and configuration (HOME, AWS_ACCESS_KEY_ID, KUBECONFIG, and many files under $HOME). SKILL.md documents HIBP API key as optional, but this (and other credentials) are not declared in the skill metadata. The scripts access many sensitive config paths and may include secret values in reports; requiring explicit declaration of which credentials/configs are needed and why would be expected for a security tool.
Persistence and privileges
always:false (not force-included) and default model invocation settings are used. The skill does not request to modify other skills' configs or set always:true. It will, however, by default scan the skills directory (~/.openclaw/workspace/skills) which reads other skills' files — that is a privileged read action but appears consistent with its auditing purpose and is not the same as persisting or escalating privileges.
Security is layered; review the code before running it.

Runtime dependencies

No special dependencies

Versions

latest · v1.0.0 · 2026/2/2

Initial release: SSL monitoring, GitHub security audits, breach detection, credential rotation tracking

Suspicious

Install command

Official: npx clawhub@latest install arc-sentinel
Mirror (accelerated): npx clawhub@latest install arc-sentinel --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese localization: 龙虾技能库 (Lobster Skill Library)