arc-sentinel
Security monitoring and infrastructure health checks for OpenClaw agents. Run breach monitoring (HaveIBeenPwned), SSL certificate expiry checks, GitHub security audits, credential rotation tracking, secret scanning, git hygiene, token watchdog, and permission audits. Use when performing security scans, checking credential rotation status, auditing repos for leaked secrets, or monitoring SSL certificates and infrastructure health.
Best use case
arc-sentinel is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Security monitoring and infrastructure health checks for OpenClaw agents. Run breach monitoring (HaveIBeenPwned), SSL certificate expiry checks, GitHub security audits, credential rotation tracking, secret scanning, git hygiene, token watchdog, and permission audits. Use when performing security scans, checking credential rotation status, auditing repos for leaked secrets, or monitoring SSL certificates and infrastructure health.
Teams using arc-sentinel should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/arc-sentinel/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How arc-sentinel Compares
| Feature / Agent | arc-sentinel | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Security monitoring and infrastructure health checks for OpenClaw agents. Run breach monitoring (HaveIBeenPwned), SSL certificate expiry checks, GitHub security audits, credential rotation tracking, secret scanning, git hygiene, token watchdog, and permission audits. Use when performing security scans, checking credential rotation status, auditing repos for leaked secrets, or monitoring SSL certificates and infrastructure health.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Arc Sentinel Security monitoring toolkit for OpenClaw agents. Runs automated checks against your infrastructure and reports issues. ## Configuration Before first use, create `sentinel.conf` in the skill directory: ```bash cp sentinel.conf.example sentinel.conf ``` Edit `sentinel.conf` with your values: - **DOMAINS** — Space-separated list of domains to check SSL certificates - **GITHUB_USER** — GitHub username for repo audits - **KNOWN_REPOS** — Space-separated list of expected repo names (unexpected repos trigger warnings) - **MONITOR_EMAIL** — Email address for HaveIBeenPwned breach checks - **HIBP_API_KEY** — Optional; HIBP v3 API key ($3.50/mo) for automated breach lookups Also customize `credential-tracker.json` with your own credentials and rotation policies. A template is provided. ## Quick Start ### Full scan ```bash cd <skill-dir> bash sentinel.sh ``` ### Output - Formatted report to stdout with color-coded severity - JSON report saved to `reports/YYYY-MM-DD.json` - Exit codes: `0` = all clear, `1` = warnings, `2` = critical ## Checks ### 1. SSL Certificate Expiry Check certificate expiry for configured domains. Warns at <30 days, critical at <14 days. ### 2. GitHub Security - List repos and check Dependabot/vulnerability alert status - Review recent account activity for anomalies - Flag unexpected repositories ### 3. Breach Monitoring (HaveIBeenPwned) - Query HIBP API for breached accounts (requires API key) - Falls back to manual check URL if no key is set ### 4. Credential Rotation Tracking Read `credential-tracker.json` and flag credentials that are overdue, approaching expiry, or never rotated. Supports policies: `quarterly` (90d), `6_months` (180d), `annual` (365d), `auto`. ## Additional Scripts | Script | Purpose | |--------|---------| | `scripts/secret-scanner.sh` | Scan repos/files for leaked secrets and API keys | | `scripts/git-hygiene.sh` | Audit git history for security issues | | `scripts/token-watchdog.sh` | Monitor token validity and expiry | | `scripts/permission-auditor.sh` | Audit file and access permissions | | `scripts/skill-auditor.sh` | Audit installed skills for security | | `scripts/full-audit.sh` | Run all scripts in sequence | ## Agent Usage During heartbeats or on request: 1. Run `bash sentinel.sh` from the skill directory 2. Review output for WARN or CRITICAL items 3. Report findings to the human if anything needs attention 4. Update `credential-tracker.json` when credentials are rotated ## Cron Setup ```bash # Weekly Monday 9am 0 9 * * 1 cd /path/to/arc-sentinel && bash sentinel.sh >> reports/cron.log 2>&1 ``` ## Requirements - `openssl` (SSL checks) - `gh` CLI authenticated (GitHub checks) - `curl` (HIBP) - `python3` (JSON processing)
Related Skills
agent-sentinel
The operational circuit breaker for this agent. Enforces budget limits locally. **Sign up at agentsentinel.dev for real-time dashboards and human approval workflows.**
test-sentinel
Writes and runs tests (unit, integration, E2E), performs linting, and auto-fixes failures.
fear-greed-sentinel-teneo
Crypto market sentiment analyzer tracking the Fear & Greed Index. Provides real-time sentiment data, flexible 1-7 day charts, trend analysis, and contrarian trading signals. Identifies buying opportun
git-sentinel
This skill allows the agent to act as a **Senior Software Engineer & Security Auditor**.
security-sentinel
Scan the workspace for security vulnerabilities, exposed secrets, and misconfigurations.
openclaw-sentinel
Supply chain security for agent skills. Pre-install inspection, post-install scanning, obfuscation detection, and known-bad signature matching. Verify skills are safe before they touch your workspace. Free alert layer — upgrade to openclaw-sentinel-pro for quarantine, blocking, and community threat feeds.
openclaw-sentinel-pro
Full supply chain security suite: scan skills for obfuscation and malware patterns, auto-quarantine risky skills, generate SBOMs, continuous monitoring, and community threat feeds. Everything in openclaw-sentinel (free) plus automated countermeasures.
ai-sentinel
Prompt injection detection and security scanning for OpenClaw agents.
paylock
Non-custodial SOL escrow for AI agent deals.
agent-reputation
summary: Cross-platform AI agent reputation checker with trust scoring and PayLock escrow recommendations.
Telecom Agent Skill
Turn your AI Agent into a Telecom Operator. Bulk calling, ChatOps, and Field Monitoring.
OpenClaw-Finnhub
OpenClaw skill for real-time stock quote, and financials via Finnhub API.