Security Audit

agent-sentinel

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

agent-sentinel received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unpinned Third-Party Dependency, API Key Exposed via Command-Line Argument.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Filesystem Write

1 finding

Shell Execution

1 finding

Security Findings2

Severity	Finding	Layer	Location
HIGH	Unpinned Third-Party Dependency The skill's installation instructions specify `agentsentinel-sdk[remote]` without pinning it to a specific version. This allows for automatic updates to the dependency, which could introduce breaking changes, vulnerabilities, or even malicious code if the package maintainer's repository is compromised. It's a significant supply chain risk. Pin the `agentsentinel-sdk` dependency to a specific, known-good version (e.g., `pip install 'agentsentinel-sdk[remote]==1.2.3'`). Regularly review and update the pinned version after verifying its integrity.	LLM	SKILL.md:15
MEDIUM	API Key Exposed via Command-Line Argument The `login` command expects the `key` (API Key) as a direct command-line argument. Sensitive information passed as command-line arguments can be visible in process lists (`ps aux`), shell history, and system logs, making it vulnerable to credential harvesting by other users or processes on the same system. While the key is subsequently stored in a `.env` file, its initial handling is insecure. Modify the `login` command to prompt for the API key securely using a method like `getpass` (which prevents input from being echoed to the console and stored in history) or to read it from a file with restricted permissions, rather than accepting it as a command-line argument.	LLM	sentinel_wrapper.py:90

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/e59122b98ead0eb2.svg)](https://skillshield.io/report/e59122b98ead0eb2)